Category Archives: Privacy

Another Facebook Fail

Posted on by
Reply

Chinese firms Huawei, Lenovo, Oppo and TCL were among numerous handset makers that were given access to Facebook data in what the US company said was “a controlled operation.”

The social media giant’s vice president of mobile partnerships, Francisco Varela, confirmed a report in The New York Times Tuesday that Facebook had given Chinese device makers deep access to the data of users’ friends without their explicit consent.

A “controlled operation.”  Meaning the accesses were deliberately granted, consents were deliberately not requested in advance.  Which raises the question: were any consents actively withheld and those denials ignored by Facebook?

Huawei already has been identified as a threat to our national security.  Lenovo is headquartered in Beijing, Oppo (Electronics Corporation) is headquartered in Dongguang near the south coast of the People’s Republic of China, and TCL is headquartered in Huizhou, just down the road a piece from Dongguang.  These three are each under the influence, if not the control, of the PRC government.  Facebook knew these things at the time they engaged in their “controlled operation.”

Here’s Varela again, this time in his best What, me worry? impression:

…we wanted to make clear that all the information from these integrations with Huawei was stored on the device, not on Huawei servers[.]

Well, that settles it, then.  Huawei has no way at all to copy data “stored on [its] device” to its servers.  Nope.  Can’t be done.

Sure.

A Concept of Privacy

Posted on by
Reply

Personal privacy and protections against warrantless searches got a boost from the Supreme Court earlier this week.

The Supreme Court said Tuesday that police need a warrant to search vehicles parked at private homes, the second time this month the justices rejected government arguments for expanding the “automobile exception” to Fourth Amendment rules against unreasonable searches.

The case at hand involved a stolen motorcycle parked in the driveway of a private residence and protected from the elements (and perhaps (even probably) from being seen by police) by a tarp.  A police officer recognized from Facebook postings the residence, saw the fact of a motorcycle under the tarp, entered the property, lifted the tarp, and looked over the motorcycle—all without a warrant.

Writing for the Court in an 8-1 decision, Justice Sonya Sotomayor wrote

Just like the front porch, side garden or area “outside the front window,” the driveway enclosure where Officer [David] Rhodes searched the motorcycle constitutes [the area where] activity of home life extends….

And

Given the centrality of the Fourth Amendment interest in the home and its curtilage and the disconnect between that interest and the justifications behind the automobile exception, we decline Virginia’s invitation to extend the automobile exception to permit a warrantless intrusion on a home or its curtilage[.]

Justice Samuel Alito was the lone dissenter.

…the officer should have been permitted to search the motorcycle visible in the driveway, just as he could have were it parked in a public street. “Officer Rhodes’s brief walk up the driveway impaired no real privacy interests,” he wrote.

Surprising out of Alito; it seems he doesn’t completely understand curtilage or of privacy.  Notwithstanding, I’d further curtail the motor vehicle exception* allowing warrantless searches to bar such from motor vehicles parked on the street in front of the vehicle owner’s residence (or beside it in the case of a corner lot) or parked in an apartment complex’s parking lot near the vehicle owner’s apartment or in the apartment renter’s designated parking slot.

 

*The motor vehicle exception to the requirement for search warrants allows warrantless searches based on a prohibition era ruling that motor vehicles were too mobile and could be moved before a warrant could be obtained.  That ruling was itself erroneous IMNSHO because it assumed that the police were incapable of keeping a motor vehicle under surveillance until the warrant arrived.

The FBI and Backdoors

Posted on by
Reply

Recall that the FBI has long wanted government-accessible backdoors into our personal but encrypted communications.  “Trust us,” FBI leadership assures us, “we wouldn’t misuse that access; we’ll only use for ‘criminal’ investigations, and only with government authorization.”  And they’ve claimed in support of that wide-eyed innocence that they can’t break into over 7,000 cell phones in the pursuit of criminal investigations.  Current FBI Director Christopher Wray even put the number at over 7,700.

However.

On Tuesday, the FBI told PCMag that a programming error resulted in a “significant overcounting” of the encrypted devices. “The FBI is currently conducting an in-depth review of how this over-counting previously occurred,” the agency said in a statement.

PCMag went on to cite the Washington Post as putting the actual number at around 1,200.

Oops, indeed.

According to the agency, starting in April 2016, it began using a new “collection methodology” with how it counted the encrypted devices. But only recently did the FBI become aware of flaws in the methodology, it said, without elaborating.

Right.

“Given the availability of these third-party solutions, we’ve questioned how and why the FBI finds itself thwarted by so many locked phones,” the Electronic Frontier Foundation said in a blog post.

Indeed.  Whether this government agency was being dishonest in its characterization of the encryption “problem,” or it was just being incredibly sloppy in using “collection methodology” that it has so plainly inadequately tested, this incident is just one more reason Government cannot be trusted with back doors into privately encrypted personal correspondence.

AI Surveillance

Posted on by
Reply

Police forces around the nation are on the verge of getting Artificial Intelligence assistance in identifying folks of interest to them in real time on our cities’ streets.  The image below and its caption illustrate the thing.

I’m all for assisting the police, especially regarding the subject of that cynically tear-jerking caption.  But this sort of thing needs to be looked at with a very jaundiced eye.  It isn’t too far away from what the People’s Republic of China already is doing in terms of routine surveillance and tracking of everyone.

It’s not that everything the PRC does is bad, but some things are inherently dangerous, no matter who developed them or uses them extensively.  This sort of technology can very easily become a direct assault on our ability to be anonymous in public spaces.

TaeWoo Kim, chief scientist at One Smart Labs, a New York-based startup that is working on such software, said the technology is “creepy and a bit Big Brother-y,” but said it is “purely intended to fight crime, terrorism and track wanted subjects.”

The road to Hell is paved with good intentions. Governments can’t be trusted with such capabilities, and we don’t even need to invoke nefarious intent or “Big Brother-y” conspiracies to see that. Governments will end up misusing, even abusing, this sort of thing just in the ordinary outcome of normal bureaucratic imperatives to justify the bureaucrat’s and his bureaucracy’s existence, to grow, to expand the bureaucracy’s power and budget.

William Bratton, the former commissioner of the NYPD, says that the public was similarly worried about DNA testing when the technology first emerged. The technology has been credited in freeing wrongfully convicted people from prison.

This is a false analogy, though.  DNA testing isn’t used for routine, real-time surveillance of the population or even of small groups or of individuals, and current technology doesn’t allow such use.  AI-based image surveillance technology lends itself to exactly that real-time watching.

Too Much Privacy?

Posted on by
Reply

That’s actually a serious question.

The firestorm over Facebook Inc’s handling of personal data raises a question for those pondering a regulatory response: is there such a thing as too much privacy?

And

Law-enforcement agencies rely on access to user data as an important tool for tracking criminals or preventing terrorist attacks. As such, they have long argued additional regulation may be harmful to national security.

Unfortunately, no government can be trusted with citizens’ privacy, as the Star Chamber secret FISA court, the FBI leadership (and not just the current or immediately prior crowd—recall J Edgar Hoover), prior DoJ leadership, the Robert Mueller “investigation,” and much more demonstrate.

If our government wants to learn things, it needs to get back into the HUMINT business rather than relying so much on hacking IT systems.  And get an honest warrant, not just a FISA one.