Privacy

Amazon has refused to hand over recordings from an Echo smart speaker to US police investigating a murder in Arkansas. Police issued a warrant to Amazon to turn over recordings and other information associated with the device.

Amazon twice declined to provide the police with the information they requested from the device, although it did provide account information and purchase history.

Although the Echo is known for having always-on microphones to enable its voice-controlled features, the vast majority of the recordings it makes are not saved for longer than the few seconds it takes to determine if a pre-set wake word (usually Alexa ) has been said. Only if that wake word has been heard does the device's full complement of microphones come on and begin transmitting audio to Amazon.

However the police pursuit of the data suggests there is more of interest up for grabs than Amazon is admitting.

Amazon's reluctance to part with user information fits a familiar pattern. Tech companies often see law enforcement requests for data as invasive and damaging to an industry. It is clearly an issue for sales of a home microphone system if it is easy for the authorities to grab recordings.

Other devices have also been good data sources for police investigations. Wristwatch-style Fitbit activity trackers have cropped up in a few cases eg for checking alibis against sleep patterns or activity.

A smart water meter has also been used in a murder case as evidence of a blood clean up operation,

Facebook has thwarted a dastardly plot by Admiral insurance company to try and get its hands on people's social media postings to assess their insurance risk.

Admiral were planning to offer the possibility of discounts on car insurance for those silly enough to sign over their social media data.

Arch personal data guzzlers Facebook have refused to play ball, and has announced it would not allow the app to access people's posts, citing privacy concerns. A Facebook spokesman said:

Protecting the privacy of the people on Facebook is of utmost importance to us. We have clear guidelines that prevent information being obtained from Facebook from being used to make decisions about eligibility.

We have made sure anyone using this app is protected by our guidelines and that no Facebook user data is used to assess their eligibility. Facebook accounts will only be used for login and verification purposes. Our understanding is that Admiral will then ask users who sign up to answer questions which will be used to assess their eligibility.

AT&T developed a product for spying on all its customers and made millions selling it to warrantless cops

AT&T's secret Hemisphere product is a database of calls and call-records on all its customers, tracking their location, movements, and interactions -- this data was then sold in secret to American police forces for investigating crimes big and small (even Medicare fraud), on the condition that they never reveal the program's existence.

The gag order that came with the data likely incentivized police officers to lie about their investigations at trial -- something we saw happen repeatedly in the case of Stingrays, whose use was also bound by secrecy demands from their manufacturers. Because the data was sold by AT&T and not compelled by government, all of the Hemisphere surveillance was undertaken without a warrant or judicial review (indeed, it's likely judges were never told the true story of where the data being entered into evidence by the police really came from -- again, something that routinely happened before the existence of Stingray surveillance was revealed).

The millions given to AT&T for its customers' data came from the federal government under the granting program that also allowed city and town police forces to buy military equipment for civilian policing needs. Cities paid up to a million dollars a year for access to AT&T's customer records.

A statement of work from 2014 shows how hush-hush AT&T wants to keep Hemisphere:

The Government agency agrees not to use the data as evidence in any judicial or administrative proceedings unless there is no other available and admissible probative evidence.

But those charged with a crime are entitled to know the evidence against them come trial. Adam Schwartz, staff attorney for activist group Electronic Frontier Foundation, said that means AT&T may leave investigators no choice but to construct a false investigative narrative to hide how they use Hemisphere if they plan to prosecute anyone.

EFF is suing the US government to reveal DoJ records on the use of Hemisphere data.

Nagware makers Microsoft have come under fire from France's National Data Protection Commission (CNIL) over Windows 10 collecting too much data about users.

CNIL has ordered Microsoft to comply with the French Data Protection Act within three months. The company has been ordered to stop collecting excessive data and tracking browsing by users without their consent .

In addition to this, the chair of CNIL has notified Microsoft that it needs to take satisfactory measures to ensure the security and confidentiality of user data . The notice comes after numerous complaints about Windows 10, and a series of investigations by French authorities which revealed a number of failings on Microsoft's part.

The CNIL particularly notes Windows 10's telemetry 'service' which gathers information about the apps users have installed and how long each is used for. The complaint is that these data are not necessary for the operation of the service .

The company is also criticized for its lack of sufficient security -- such as the four-digit PIN used to protect payment information which does not have a limit on the number of guesses that can be made. The CNIL's list of complaints does not end there. It also took exception to the activation of an advertising ID for tailored advertising without user consent, the lack of cookie blocking options, and the fact that data is being transferred out of Europe to the US.

The US authorities are set to add questions to immigration arrivals forms asking for IDs used on social media such as Facebook and Twitter. Reports suggest that it is supposedly voluntary to provide such information, but it wouldn't be difficult to drop a few hints, that those not providing such info may not be granted entry, to make it more or less mandatory.

A Notice by the U.S. Customs and Border Protection (CBP) on 06/23/2016 detailed the new question:

CBP Forms I-94 (Arrival/Departure Record) and I-94W (Nonimmigrant Visa Waiver Arrival/Departure Record) are used to document a traveler's admission into the United States. These forms are filled out by aliens and are used to collect information on citizenship, residency, passport, and contact information. The data elements collected on these forms enable the Department of Homeland Security (DHS) to perform its mission related to the screening of alien visitors for potential risks to national security and the determination of admissibility to the United States.

Proposed Changes

DHS proposes to add the following question to ESTA and to Form I-94W:

Please enter information associated with your online presence -- Provider/Platform -- Social media identifier.

It will be an optional data field to request social media identifiers to be used for vetting purposes, as well as applicant contact information. Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case.

Facebook has been fined 100,000 euros in Germany after failing to follow orders regarding clearer privacy terms and conditions for users.

The regional court of Berlin ruled that the company did not sufficiently alter the working of an intellectual property clause in its terms and conditions, despite being told to do so following a complaint filing by the Federation of German Consumer Organizations. The entity's head, Klaus Mueller, said that Facebook keeps attempting to evade customer laws in Germany as well as in the entire continent.

In March 2012, a German court originally ruled that the company's terms and conditions were vague on the extent to which it could go with users' data and intellectual property, implying Facebook could license its users' photos and videos to third parties for business reasons. However, the authorities' primary issue was Facebook's compliance with the US government to provide data for its mass surveillance programs. After Edward Snowden's revelations on the US government's spying programs and how the tech industry complies, the issue has gained more gravity.

While Facebook complied with the ruling four years ago, the Berlin court now concludes that it merely changed the wording of the clause in question without changing the message that it conveyed. Meanwhile, the company defended itself saying that it had complied with the original ruling and was issued the fine because it couldn't implement the changes quickly enough.

The Electronic Frontier Foundation (EFF) has launched version 2.0 of its tracking and fingerprinting detection tool, Panopticlick .

This version brings new tests to our existing tool, such as canvas and touch-capability fingerprinting, updating its ability to uniquely identify browsers with current techniques.

In addition, it adds a brand new suite of tests that detect how well your browser and extensions are protecting you from:

1. tracking by ads;
2. from tracking by invisible beacons; and also
3. whether they encourage compliance with the Do Not Track policy , which EFF and a coalition of allies launched earlier this year.

We've also redesigned the site look and feel, including friendlier layout on mobile devices. If your browser lacks protections, Panopticlick 2.0 will recommend installing tools that are available on your platform, such as Privacy Badger , Disconnect or AdBlock , in order to get better protections as you navigate the Web.