Category Archives: Privacy

Overreach

Posted on by
Reply

Alphabet strikes again.

Google informs children when their parents are monitoring their account activity, the tech giant confirmed this month, with the company claiming that doing so is a way of balancing the interests of both parents and children.

Such “balancing” is not Google’s call. It’s not the decision anyone or any enterprise can make in place of the parents, with the narrowly bounded exception of a child’s endangerment—which in the present context is what parental monitoring is for. More broadly, the degree of privacy a child has—is accorded—while growing up is a parental decision and no one or no thing else’s. Full stop.

Alphabet, in commenting, pointed to both the UN Convention on the Rights of the Child and the recently passed UK Age Appropriate Design Code as examples of child-privacy advocacy to which it adheres. This is cynically disingenuous (my deliberate redundancy): Alphabet is not a UN agency, nor is it an arm of the British government. Nor is Alphabet subject to UN proscriptions anywhere or to British law outside of Great Britain.

It’s time to rein in this company. It’s intruded too far into the lives of ordinary Americans, this time unconscionably presuming to take the role of parents, usurping that from a child’s true parents.

Turning Children into Snitches

Posted on by
Reply

This time, it’s Vermont’s Republican governor.

Vermont Governor Phil Scott said during a press conference on Tuesday that schools in the state will include new questions during daily health checks about whether students and their parents attended gatherings outside of their households following the Thanksgiving holiday.

Never mind the carefully high-minded claimed motives for this—it’s trying to get children to denounce their parents to authorities.

This using the Wuhan Virus situation as an excuse to drastically increase government power has gotten ‘way out of hand.

Insufficient

Posted on by
Reply

Recall that Oracle and ByteDance have a proposal on the table for Oracle to take a minority partnership position in ByteDance’s TikTok.  In response to objections to that, some

Trump administration officials are looking to give American investors a majority share of the company that will take over the Chinese-owned video-sharing app TikTok[.]

Senators Marco Rubio (R, FL), Rick Scott (R, FL), Thom Tillis (R, NC), Roger Wicker (R, MI), Dan Sullivan (R, AK), and John Cornyn (R, TX), object to that, too.

Any deal between an American company and ByteDance must ensure that TikTok’s US operations, data, and algorithms are entirely outside the control of ByteDance or any Chinese-state directed actors, including any entity that can be compelled by Chinese law to turn over or access US consumer data.

The Senators are absolutely correct. Any fraction of ownership by a People’s Republic of China company that’s greater than zero is too much; giving, as it would, the PRC’s intelligence community access to all the data TikTok scoops up from the individuals and businesses that use it.

Internet Security

Posted on by
1

There is a move afoot—and it’s making significant progress—to develop and deploy a quantum computing Internet.

A group led by the US Department of Energy and the University of Chicago plans to develop a nationwide quantum internet that could be functional in about a decade and with the potential to securely transmit sensitive information related to national security and financial services.
“What we’re moving forward on is building out quantum networks [to] someday…turn into a full second internet, a parallel internet to the digital internet,” said Paul Dabbar, the Energy Department’s Under Secretary for Science.

That would be terrific if it actually comes to fruition. Especially this part:

“Literally anything that would be transmitted encrypted today would be suitable for the quantum internet in the future,” Mr [JPMorgan Chase & Co’s Managing Director, Head of Research and Engineering, Marco] Pistoia said in an email.

Of course, that includes the personal and business correspondence of US citizens.

A problem I have with such a development, though, is this:

“A quantum network, because of physics, is by definition completely secure,” Mr Dabbar said.

No. A quantum network is not the network to end all networks. Such a network is not because of physics…by definition completely secure.

A quantum network is completely secure because of physics as we understand physics today. Security is, and always will be, an arms race between the cryptographers and their evolutions on the one hand, and the hackers and their evolutions on the other.

The biggest threat to security is just this sort of complacency.

There are other problems, and they are not unique to quantum networks, either. One such is a basic denial of service attack, where the hacker doesn’t care a single bit about encryption—at least not directly—but only in denying user access to the network or any node on it. The motive for that denial may be petty vandalism, “protest,” extortion—give me that document you’ve got encrypted on your quantum subnet (so much for quantum encryption)—to any number of other not yet imagined reasons.

Another is the phishing expedition wherein an employee is suckered into taking some action that grants the hacker access to the network.

Then there’s that personal communication secrecy—a citizen’s wish to keep his private communications private, including from the prying eyes of Government. Quantum network use would extend the tension between a citizen’s right to keep private things private and Government’s often entirely legitimate, even urgent, need to know. That, though, is just part of the noise of republican democracy.

By all means, develop and deploy the quantum Internet; it would be a huge step forward in data protection. Sooner is better.

But don’t be complacent about its security. And don’t let up on the need to protect against other forms of attack.

Some Thoughts on TikTok

Posted on by
Reply

TikTok is a video messaging app that was developed in the People’s Republic of China and is owned by ByteDance, another PRC company. The Wall Street Journal published a Q&A on the app last Tuesday.

I have some thoughts, too.

For background, here are some of the data that TikTok collects just because you’re using it.

…location data and your internet address, according to its privacy policy, and it tracks the type of device you are using to access its platform. It stores your browsing and search history as well as the content of messages you exchange with others on the app.

How to locate your device in the Net, where you’ve been virtually, and what you say in your correspondence. That’s just for starters.

If you opt in, TikTok says it can collect your phone and social-network contacts, your GPS position, and your personal information such as age and phone number along with any user-generated content you post, such as photos and videos. It can store payment information, too. TikTok also gets a sense of what makes you tick. It can track the videos you like, share, watch….

Your physical location, and all that personally identifying information. It exposes your contacts, too, without their having any opportunity to reject “opting in.”

Now, some of the rest of the story:

Why is the US concerned?
Beijing performing mass data collection on American citizens….
…a vast database of information that could be used for espionage…if TikTok’s user data could be obtained by the Chinese government, that would enhance any such efforts. “You can use [artificial intelligence tools] to sort through it and find an awful lot of data….”

And this:

A TikTok spokesman said that the Chinese government has never asked the company for user data and that it would refuse such a request. “TikTok has an American CEO and is owned by a private company that is backed by some of the best-known US investors[.]”

This is a disingenuous claim. What the PRC has or has not done in the past in this regard is wholly irrelevant to what it can do. The more important thing, too, is what it can do. Under a PRC 2017 national intelligence law, all PRC companies and people are required to comply with any and all intel community requests for intel-related information. What is intel-related is determined by the intel community. Under the just-passed Hong Kong national security law, the PRC government has arrogated to itself the authority to go after any entity or person it deems a national security threat—wherever that entity or person is located, under whatever sovereign nation jurisdiction that entity or person resides, in the world.

TikTok, owned by ByteDance, is as subject to those laws as is ByteDance.

Does TikTok share any information with ByteDance, its China-based parent?
TikTok stores its data on American users on servers in the US and Singapore, but its website says that information can be shared with ByteDance or other affiliates.

Not only can be shared, but will be. Nor will it matter what firewalls ByteDance might claim to have erected between it and its subordinate—limiting the number of employees who have access to user data and the scenarios where data access is enabled, for instance—the parent organization can tear them down at will. And can be expected to, as necessary, to satisfy information demands from the PRC’s intel community.

As for those “other affiliates”—some of them may well be within the PRC.

What happens to your data if you quit TikTok?
Users can ask TikTok to delete their data, and the company has said in its policy that it will respond in a manner consistent with applicable law upon verifying your identity.

Users are supposed to believe TikTok’s wide-eyed innocent claim to have complied, even though they have no means of independently verifying TikTok’s assertion. But the kicker is that manner consistent with applicable law caveat. Two of those applicable laws are the PRC’s security laws mentioned above.

This is not a bit of software that should appear anywhere on anyone’s device.