Privacy


Latest

Liberty News Control Freaks
Privacy News  
2012   2013   2014   2015   2016   2017   2018   2019   2020   Latest  

 

Do not snoop, do not profile, and do not earn any money...

Newspapers realise that the ICO default child protection policy may be very popular with adults too, and so it may prove tough to get them to age verify as required for monetisation


Link Here 24th January 2020
Full story: ICO Age Appropriate Design...ICO calls for age assurance for websites accessed by children
News websites will have to ask readers to verify their age or comply with a new 15-point code from the Information Commissioner's Office (ICO) designed to protect children's online data, ICO has confirmed.

Press campaign groups were hoping news websites would be exempt from the new Age Appropriate Design Code so protecting their vital digital advertising revenues which are currently enhanced by extensive profiled advertising.

Applying the code as standard will mean websites putting privacy settings to high and turning off default data profiling. If they want to continue enjoying revenues from behavioural advertising they will need to get adult readers to verify their age.

In its 2019 draft ICO had previously said such measures must be robust and that simply asking readers to declare their age would not be enough.But it has now confirmed to Press Gazette that for news websites that adhere to an editorial code, such self-declaration measures are likely to be sufficient.

This could mean news websites asking readers to enter their date of birth or tick a box confirming they are over 18. An ICO spokesperson said sites using these methods might also want to consider some low level technical measures to discourage false declarations of age, but anything more privacy intrusive is unlikely to be appropriate..

But Society of Editors executive director Ian Murray predicted the new demands may prove unpopular even at the simplest level. Asking visitors to confirm their age [and hence submit to snooping and profiling] -- even a simple yes or no tick box -- could be a barrier to readers.

The ICO has said it will work with the news media industry over a 12-month transition period to enable proportionate and practical measures to be put in place for either scenario.

In fact ICO produced a separate document alongside the code to explain how it could impact news media, which it said would be allowed to apply the code in a risk-based and proportionate way.

 

 

And ICO takes a watching brief...

Met Police to make facial recognition cameras a fully operational feature of its arsenal


Link Here24th January 2020
Full story: CCTV with facial recognition...Police introduce live facial recognition system
The Metropolitan Police has announced it will use live facial recognition cameras operationally for the first time on London streets.

Following earlier pilots in London and deployments by South Wales police, the cameras are due to be put into action within a month. Cameras will be clearly signposted, covering a small, targeted area, and police officers will hand out leaflets about the facial recognition scanning, the Met said.

Trials of the cameras have already taken place on 10 occasions in locations such as Stratford's Westfield shopping centre and the West End of London. The Met said in these trials, 70% of wanted suspects in the system who walked past the cameras were identified, while only one in 1,000 people generated a false alert. But an independent review of six of these deployments found that only eight out of 42 matches were verifiably correct.

Over the past four years, as the Met has trialled facial recognition, opposition to its use has intensified, led in the UK by campaign groups Liberty and Big Brother Watch.

The force also believes a recent High Court judgment, which said South Wales Police did not breach the rights of a man whose face had been scanned by a camera, gives it some legal cover. The case is heading for the Court of Appeal. But the Met is pressing on, convinced that the public at large will support its efforts to use facial recognition to track down serious offenders.

Last year, the Met admitted it supplied images for a database carrying out facial recognition scans on a privately owned estate in King's Cross, after initially denying involvement.

Update: Censored whilst claiming to be uncensored

24th January 2020. See article from ico.org.uk

It seems to the normal response from the Information Commissioner's Office to turn a blind eye to the actual serious exploitation of people's personal data whilst focusing heavily on generating excessive quantities of red tape rules requiring small players to be ultra protective of personal to point of strangling their businesses and livelihoods. And, just like for unconsented website tracking and profiling by the only advertising industry, the ICO will monitor and observe and comment again later in the year:

In October 2019 we concluded our investigation into how police use live facial recognition technology (LFR) in public places. Our investigation found there was public support for police use of LFR but also that there needed to be improvements in how police authorised and deployed the technology if it was to retain public confidence and address privacy concerns. We set out our views in a formal Opinion for police forces.

The Metropolitan Police Service (MPS) has incorporated the advice from our Opinion into its planning and preparation for future LFR use. Our Opinion acknowledges that an appropriately governed, targeted and intelligence- led deployment of LFR may meet the threshold of strict necessity for law enforcement purposes. We have received assurances from the MPS that it is considering the impact of this technology and is taking steps to reduce intrusion and comply with the requirements of data protection legislation. We expect to receive further information from the MPS regarding this matter in forthcoming days. The MPS has committed to us that it will review each deployment, and the ICO will continue to observe and monitor the arrangements for, and effectiveness of, its use.

This is an important new technology with potentially significant privacy implications for UK citizens. We reiterate our call for Government to introduce a statutory and binding code of practice for LFR as a matter of priority. The code will ensure consistency in how police forces use this technology and to improve clarity and foreseeability in its use for the public and police officers alike. We believe it's important for government to work with regulators, law enforcement, technology providers and communities to support the code.

Facial recognition remains a high priority for the ICO and the public. We have several ongoing investigations. We will be publishing more about its use by the private sector later this year.

Update: Big Brother Watch  Petition

24th January 2020. Sign the petition from you.38degrees.org.uk

To: Priti Patel, Home Secretary and Cressida Dick, Commissioner of the Metropolitan Police

Urgently stop the Metropolitan Police using live facial recognition surveillance.

Why is this important?

The Metropolitan Police has announced it will use live facial recognition across London, despite an independent review finding its previous trials likely unlawful and over 80% inaccurate. The Met is the largest police force in the democratic world to roll out this dangerously authoritarian surveillance. This represents an enormous expansion of the surveillance state and a serious threat to civil liberties in the UK - and it sets a dangerous precedent worldwide. We urge the Home Secretary and Met Commissioner to stop it now.

 

 

Commented: Floundering...

ICO takes no immediate action against the most blatant examples of people's most personal data being exploited without consent, ie profiled advertising


Link Here23rd January 2020
Full story: ICO on Ad Tech...invasive personalised advertising wthout obtaining consent
Blatant abuse of people's private data has become firmly entrenched in the economic model of the free internet ever since Google recognised the value of analysing what people are searching for.

Now vast swathes of the internet are handsomely funded by the exploitation of people's personal data. But that deep entrenchment clearly makes the issue a bit difficult to put right without bankrupting half of the internet that has come to rely on the process.

The EU hasn't helped with its ludicrous idea of focusing its laws on companies having to obtain people's consent to have their data exploited. A more practical lawmaker would have simply banned the abuse of personal data without bothering with the silly consent games. But the EU seems prone to being lobbied and does not often come up with the most obvious solution.

Anyway enforcement of the EU's law is certainly causing issues for the internet censors at the UK's ICO.

The ICO warned the adtech industry 6 months ago that its approach is illegal  and has now announced that it would not be taking any action against the data abuse yet, as the industry has made a few noises about improving a bit over the coming months.

Simon McDougall, ICO Executive Director of Technology and Innovation has written:

The adtech real time bidding (RTB) industry is complex, involving thousands of companies in the UK alone. Many different actors and service providers sit between the advertisers buying online advertising space, and the publishers selling it.

There is a significant lack of transparency due to the nature of the supply chain and the role different actors play. Our June 2019 report identified a range of issues. We are confident that any organisation that has not properly addressed these issues risks operating in breach of data protection law.

This is a systemic problem that requires organisations to take ownership for their own data processing, and for industry to collectively reform RTB. We gave industry six months to work on the points we raised, and offered to continue to engage with stakeholders. Two key organisations in the industry are starting to make the changes needed.

The Internet Advertising Bureau (IAB) UK has agreed a range of principles that align with our concerns, and is developing its own guidance for organisations on security, data minimisation, and data retention, as well as UK-focused guidance on the content taxonomy. It will also educate the industry on special category data and cookie requirements, and continue work on some specific areas of detail. We will continue to engage with IAB UK to ensure these proposals are executed in a timely manner.

Separately, Google will remove content categories, and improve its process for auditing counterparties. It has also recently proposed improvements to its Chrome browser, including phasing out support for third party cookies within the next two years. We are encouraged by this, and will continue to look at the changes Google has proposed.

Finally, we have also received commitments from other UK advertising trade bodies to produce guidance for their members

If these measures are fully implemented they will result in real improvements to the handling of personal data within the adtech industry. We will continue to engage with industry where we think engagement will deliver the most effective outcome for data subjects.

Comment: Data regulator ICO fails to enforce the law

18th January 2020. See article from openrightsgroup.org

Responding to ICO's announcement today that the regulator is taking minimal steps to enforce the law against massive data breaches taking place in the online ad industry through Real-Time Bidding, complainants Jim Killock and Michael Veale have called on the regulator to enforce the law.

The complainants are considering taking legal action against the regulator. Legal action could be taken against the ICO for failure to enforce, or against the companies themselves for their breaches of Data Protection law.

The Real-Time Bidding data breach at the heart of RTB market exposes every person in the UK to mass profiling, and the attendant risks of manipulation and discrimination.

As the evidence submitted by the complainants notes, the real-time bidding systems designed by Google and the IAB broadcast what virtually all Internet users read, watch, and listen to online to thousands of companies, without protection of the data once broadcast. Now, sixteen months after the initial complaint, the ICO has failed to act.

Jim Killock, Executive Director of the Open Rights Group said:

The ICO is a regulator, so needs to enforce the law. It appears to be accepting that unlawful and dangerous sharing of personal data can continue, so long as 'improvements' are gradually made, with no actual date for compliance.

Last year the ICO gave a deadline for an industry response to our complaints. Now the ICO is falling into the trap set by industry, of accepting incremental but minimal changes that fail to deliver individuals the control of their personal data that they are legally entitled to.

The ICO must take enforcement action against IAB members.

We are considering our position, including whether to take legal action against the regulator for failing to act, or individual companies for their breach of data protection law.

Dr Michael Veale said:

When an industry is premised and profiting from clear and entrenched illegality that breach individuals' fundamental rights, engagement is not a suitable remedy. The ICO cannot continue to look back at its past precedents for enforcement action, because it is exactly that timid approach that has led us to where we are now.

Ravi Naik, solicitor acting for the complainants, said:

There is no dispute about the underlying illiegality at the heart of RTB that our clients have complained about. The ICO have agreed with those concerns yet the companies have not taken adequate steps to address those conerns. Nevertheless, the ICO has failed to take direct enforcement action needed to remedy these breaches.

Regulatory ambivalence cannot continue. The ICO is not a silo but is subject to judicial oversight. Indeed, the ICO's failure to act raises a question about the adequacy of the UK Data Protection Act. Is there proper judicial oversight of the ICO? This is a critical question after Brexit, when the UK needs to agree data transfer arrangements with the EU that cover all industries.

Dr. Johnny Ryan of Brave said:

The RTB system broadcasts what everyone is reading and watching online, hundreds of billions of times a day, to thousands of companies. It is by far the largest data breach ever recorded. The risks are profound. Brave will support ORG to ensure that the ICO discharges its responsibilities.

Jim Killock and Michael Veale complained about the Adtech industry and Real Time Bidding to the UK's ICO in September 2018. Johnny Ryan of Brave submitted a parallel complaint against Google about their Adtech system to the Irish Data Protection Authority.

Update: Advertising industry will introduce a 'gold standard 2.0' for privacy towards the end of 2020

23rd January 2020. See article from campaignlive.co.uk

The Internet Advertising Bureau UK has launched a new version of what it calls its Gold Standard certification process that will be independently audited by a third party.

In a move to address ongoing privacy concerns with the digital supply chain, the IAB's Gold Standard 2.0 will incorporate the Transparency and Consent Framework, a widely promoted industry standard for online advertising.

The new process will be introduced in the fourth quarter after an industry consultation to agree on the compliance criteria for incorporating the TCF.

 

 

Offsite Article: The Secretive Company That Might End Privacy as We Know It...


Link Here 19th January 2020
Full story: Facial Recognition...An end to privacy and anonymity
A little-known start-up helps law enforcement match photos of unknown people to their database of online images scraped from social media See article from nytimes.com

 

 

Playing the EU's Silly Cookie Game...

Google's Chrome browser will ban 3rd party tracking cookies albeit over the course of two years


Link Here16th January 2020
Full story: EU ePrivacy Law...The Cookie Law: EU regulate consent for tracking cookies
Google is to restrict web pages from loading 3rd party profiling cookies when accessed via its Chrome browser. Many large websites, eg major newspapers make a call to hundreds of 3rd part profilers to allow them to build up a profile of people's browsing history, which then facilitates personalised advertising.

Now Google has said that it will block these third-party cookies within the next two years.

Tracking cookies are very much in the sights of the EU who are trying to put an end to the exploitative practise. However the EU is not willing to actually ban such practises, but instead has invented a silly game about websites obtaining consent for tracking cookies.

The issue is of course that a lot of 'free' access websites are funded by advertising and rely on the revenue from the targeted advertising. I have read estimates that if websites were to drop personalised ads, and fall back on contextual advertising (eg advertising cars on motoring pages), then they would lose about a third of their income. Surely a fall that magnitude would lead to many bankrupt or unviable websites.

Now the final position of the EU's cookie consent game is that a website would have to present two easy options before allowing access to a website:

  • Do you want to allow tracking cookies to build up a database of your browsing history
  • Do you NOT want to allow tracking cookies to build up a database of your browsing history

The simple outcome will be that virtually no one will opt for tracking, so the website will lose a third of its income. So it is rather unsurprising that websites would rather avoid offering such an easy option that would deprive them of so much of their income.

In reality the notion of consent it not practical. It would be more honest to think of the use of tracking cookies as a price for 'free' access to a website.

Perhaps when the dust has settled, a more honest and practical endgame would bea  choice more like:

  • Do you want to allow tracking cookies to build up a database of your browsing history in return for 'free' access
  • Do you want to pay a fee to enable access to the website without tracking cookies
  • Sorry you may not access this website

The EU has been complaining about companies trying to avoid the revenue destroying official consent options. A study just published observes that nearly all cookie consent pop-ups are flouting EU privacy laws.

Researchers at the Massachusetts Institute of Technology, University College London (UCL) and Aarhus University have conducted a joint study into the use of cookies. They analysed five companies which offer consent management platforms (CMP) for cookies used by the UK's top 10,000 websites.

Despite EU privacy laws stating that consent for cookies must be informed, specific and freely given, the research suggests that only 12% of the sites met the minimal requirements of GDPR (General Data Protection Regulation) law. Instead they were found to blanket data consent options in complicated site design, such as:

  • pre-ticked boxes burying decline buttons on later pages multiple clicks tracking users before consent and after pressing reject
  • Just over half the sites studied did not have rejecting all tracking as an option.
  • Of the sites which did, only 13% made it accessible through the same or fewer clicks as the option to accept all.
The researchers estimate it would take, on average, more than half an hour to read through what the third-party companies are doing with your data, and even longer to read all their privacy policies. It's a joke and there's no actual way you could do this realistically, said Dr Veale.

 

 

Exposed pussies...

Another example about how dangerous it is to provide personal data for age or identity verification related to adult websites


Link Here16th January 2020
Cyber-security researchers claim that highly sensitive personal details about thousands of porn stars have been exposed online by an adult website.

They told BBC News they had found an open folder on PussyCash's Amazon web server that contained 875,000 files.

However the live webcam porn network, which owns the brand ImLive and other adult websites, said there was no evidence anyone else had accessed the folder. And it had it removed public access as soon as it had been told of the leak.

The researchers are from vpnMentor, which is a VPN comparison site. vpnMentor said in a blog anyone with the right link could have accessed 19.95GB of data dating back over 15 years as well as from the past few weeks, including contracts revealing more than 4,000 models' including

full name address social-security number date of birth phone number height weight hips, bust and waist measurements piercings tattoos scars The files also revealed scans or photographs of their passport driving licence credit card birth certificate.

 

 

Offsite Article Searching for better privacy...


Link Here15th January 2020
Google to strangle user agent strings in its chrome browse to hamper advertisers from profiling users via fingerprinting See article from zdnet.com

 

 

Even Facebook is preinstalled to avoid users realising how many access rights it assumes...

50 rights organisations call on Google to ban exploitative apps being pre-installed on phones to work around user privacy settings


Link Here14th January 2020
Privacy International and over 50 other organisations have submitted a letter to Alphabet Inc. CEO Sundar Pichai asking Google to take action against exploitative pre-installed software on Android devices.

Dear Mr. Pichai,

We, the undersigned, agree with you: privacy cannot be a luxury offered only to those people who can afford it.

And yet, Android Partners - who use the Android trademark and branding - are manufacturing devices that contain pre-installed apps that cannot be deleted (often known as "bloatware"), which can leave users vulnerable to their data being collected, shared and exposed without their knowledge or consent.

These phones carry the "Google Play Protect" branding, but research shows that 91% of pre-installed apps do not appear in Google Play -- Google's app store.

These pre-installed apps can have privileged custom permissions that let them operate outside the Android security model. This means permissions can be defined by the app - including access to the microphone, camera and location - without triggering the standard Android security prompts. Users are therefore completely in the dark about these serious intrusions.

We are concerned that this leaves users vulnerable to the exploitative business practices of cheap smartphone manufacturers around the world.

The changes we believe are needed most urgently are as follows:

  • Individuals should be able to permanently uninstall the apps on their phones. This should include any related background services that continue to run even if the apps are disabled.

  • Pre-installed apps should adhere to the same scrutiny as Play Store apps, especially in relation to custom permissions.

  • Pre-installed apps should have some update mechanism, preferably through Google Play and without a user account. Google should refuse to certify a device on privacy grounds, where manufacturers or vendors have attempted to exploit users in this way.

We, the undersigned, believe these fair and reasonable changes would make a huge difference to millions of people around the world who should not have to trade their privacy and security for access to a smartphone.

We urge you to use your position as an influential agent in the ecosystem to protect people and stop manufacturers from exploiting them in a race to the bottom on the pricing of smartphones.

Yours sincerely,

  • American Civil Liberties Union (ACLU)

  • Afghanistan Journalists Center (AFJC)

  • Americans for Democracy and Human Rights in Bahrain (ADHRB)

  • Amnesty International

  • Asociación por los Derechos Civiles (ADC)

  • Association for Progressive Communications (APC)

  • Association for Technology and Internet (ApTI)

  • Association of Caribbean Media Workers

  • Australian Privacy Foundation

  • Center for Digital Democracy

  • Centre for Intellectual Property and Information Technology Law (CIPIT)

  • Citizen D

  • Civil Liberties Union for Europe

  • Coding Rights

  • Consumer Association the Quality of Life-EKPIZO

  • Datos Protegidos

  • Digital Rights Foundation (DRF)

  • Douwe Korff, Emeritus Professor of International Law, London Metropolitan University and Associate of the Oxford Martin School, University of Oxford

  • DuckDuckGo

  • Electronic Frontier Foundation (EFF)

  • Forbrukerrĺdet // Norwegian Consumer Council

  • Foundation for Media Alternatives

  • Free Media Movement (FMM)

  • Freedom Forum

  • Fundación Karisma

  • Gulf Centre for Human Rights (GCHR)

  • Hiperderecho

  • Homo Digitalis

  • IJC Moldova

  • Initiative for Freedom of Expression- Turkey (IFox)

  • Irish Council for Civil Liberties

  • Media Foundation for West Africa

  • Media Institute of Southern Africa (MISA)

  • Media Policy and Democracy Project (University of Johannesburg)

  • Media Policy Institute (MPI)

  • Media Watch

  • Metamorphosis Foundation for Internet and Society

  • Open Rights Group (ORG)

  • Palestinian Center For Development & Media Freedoms (MADA)

  • Panoptykon

  • Paradigm Initiative

  • PEN Canada

  • Philippine Alliance of Human Rights Advocates (PAHRA)

  • Privacy International

  • Public Citizen

  • Red en Defensa de los Derechos Digitales (R3D)

  • Syrian Center for Media and Freedom of Expression (SCM)

  • TEDIC

  • The Danish Consumer Council

  • The Institute for Policy Research and Advocacy (ELSAM)

  • The Tor Project

  • Unwanted Witness

  • Vigilance for Democracy and the Civic State

 

 

Offsite Article: Skype audio monitored by workers in China with no security measures...


Link Here 13th January 2020
Former Microsoft contractor says he was emailed a login after minimal vetting See article from theguardian.com

 

 

Offsite Article: Twelve Million Phones, One Dataset, Zero Privacy...


Link Here3rd January 2020
A interesting report on how smart phone location date is being compiled and databased in the US. By Stuart A. Thompson and Charlie Warzel See article from nytimes.com

 

 

Do Not Sell My Personal Information...

California leads the way on internet privacy in the US as its CCPA law comes into effect


Link Here1st January 2020
A new California law has come into effect that seems to have been inspired by the EU's box ticking nighmare, the GDPR. It give's Californians rights in determining how their data is used by large internet companies.

The law gives consumers the right to know about the personal data that companies have collected about them, to demand that it be deleted, and to prevent it from being sold to third parties.

Although privacy controls only are required for Californians it seems likely that large companies will provide the same controls to all Americans.

The California Consumer Privacy Act (CCPA) will only apply to businesses that earn more than $25 million in gross revenue, that collect data on more than 50,000 people, or for which selling consumer data accounts for more than 50% of revenue.

In early December, Twitter rolled out a privacy center where users can learn more about the company's approach to the CCPA and navigate to a dashboard for customizing the types of info that the platform is allowed to use for ad targeting. Google has also created a protocol that blocks websites from transmitting data to the company. Facebook, meanwhile, is arguing that it does not need to change anything because it does not technically sell personal information. Companies must at least set up a webpage and a toll-free phone number for fielding data requests.

The personal data covered by the CCPA includes IP addresses, contact info, internet browsing history, biometrics (like facial recognition and fingerprint data), race, gender, purchasing behavior, and locations.

Many sections of the law are quite vague and awaiting further clarification in the final draft regulations, which the California attorney general's office is expected to release later in 2020.

 

 

Offsite Article: Facial recognition...


Link Here31st December 2019
Full story: Facial Recognition...An end to privacy and anonymity
People hate it but government's love it, guess who is prevailing? See article from politico.eu

 

 

Offsite Article: EFF's Year in Review...


Link Here30th December 2019
Full story: DNS Over Https...A new internet protocol will make government website blocking more difficult
Encrypting DNS. By Max Hunter and Seth Schoen See article from eff.org

 

 

Offsite Article: EFF's Year in Review...


Link Here29th December 2019
Full story: Internet Encryption...Encryption, essential for security but givernments don't see it that way
Fancy New Terms, Same Old Backdoors: The Encryption Debate in 2019. By Joe Mullin See article from eff.org

 

 

Self financing snooping...

France initiates a program of mass social media surveillance in the name of preventing tax fraud


Link Here28th December 2019
Full story: Comms Snooping in France...French database to monitor political activists
The French government has come up with an innovative way of financing a program of mass social media, surveillance, to use it to detect tax fraud.

The self financing surveillance scheme has now been given the go the constitutional court. Customs and tax officials will be allowed to review users' profiles, posts and pictures for evidence of undisclosed income.

In its ruling, the court acknowledged that users' privacy and freedom of expression could be compromised, but its applied caveats to the legislation. It said authorities would have to ensure that password-protected content was off limits and that they would only be able to use public information pertaining to the person divulging it online. However the wording suggests that the non public data is available and can be used for other more covert reasons.

The mass collection of data is part of a three-year online monitoring experiment by the French government and greatly increases the state's online surveillance powers.

 

 

Offsite Article: EU despairs over lack of enforcement of the GDPR...


Link Here28th December 2019
Full story: EU GDPR law...Far reaching privay protection law
Well if they would create a stupid law of inane tick boxing that is impossible to comply with, and so there are so many transgressions that regulators don't know where to start from See article from politico.eu

2012   2013   2014   2015   2016   2017   2018   2019   2020   Latest  


 


Liberty News

Privacy News
 

Control Freaks

Bollox Britain
 

melonfarmers icon

Home

Index

Links

Email

Shop
 


US

World

Media

Nutters

Liberty
 

Film Cuts

Cutting Edge

Info

Sex News

Sex+Shopping
 


Adult Store Reviews

Adult DVD & VoD

Adult Online Stores

New Releases/Offers

Latest Reviews

FAQ: Porn Legality

Sex Shops List

Lap Dancing List

Satellite X List

Sex Machines List

John Thomas Toys