Online privacy

If the white nationalists and supremacists at the “Unite the Right” rally in Charlottesville (VA) were looking to be noticed, mission accomplished. A group of Twitter users — most notably the @YesYoureRacist account — have been publishing photos of the protestors on the social networking site and asking followers for help identifying them. One of the first to be identified on Aug 12 — a 20-year-old college student named Peter Cvjetanovic — told the Channel 2 news station in Reno (NV) that he “did not expect the photo to be shared as much as it was.” “I understand the photo has a very negative connotation,” he said. “But I hope that the people sharing the photo are willing to listen that I’m not the angry racist they see in that photo.” Cvjetanovic traveled to the “Unite the Right” march to protest the planned removal of a statue of Confederate Army General Robert E. Lee, he said, because “the replacement of the statue will be the slow replacement of white heritage within the United States and the people who fought and defended and built their homeland.”

Months before social-media company Snap publicly disclosed slowing user growth, rival Facebook already knew.

Late in 2016, Facebook employees used an internal database of a sampling of mobile users’ activity to observe that usage of Snap’s flagship app, Snapchat, wasn’t growing as quickly as before. They saw that the shift occurred after Facebook’s Instagram app launched Stories, a near-replica of a Snapchat feature of the same name. Facebook’s early insight came thanks to its 2013 acquisition of Israeli mobile-analytics company Onavo, which distributes a data-security app that has been downloaded by millions of users. Data from Onavo’s app has been crucial to helping Facebook track rivals and scope out new product categories.

Many experts say lack of trust will not be a barrier to increased public reliance on the internet. Those who are hopeful that trust will grow expect technical and regulatory change will combat users’ concerns about security and privacy. Those who have doubts about progress say people are inured to risk, addicted to convenience and will not be offered alternatives to online interaction. Some expect the very nature of trust will change.

Palantir had been selling its data storage, analysis, and collaboration software to police departments nationwide on the basis of rock-solid security. “Palantir Law Enforcement provides robust, built-in privacy and civil liberties protections, including granular access controls and advanced data retention capabilities,” its website reads. The scale of Palantir’s implementation, the type, quantity and persistence of the data it processes, and the unprecedented access that many thousands of people have to that data all raise significant concerns about privacy, equity, racial justice, and civil rights. But until now, we haven’t known very much about how the system works, who is using it, and what their problems are. And neither Palantir nor many of the police departments that use it are willing to talk about it.

Lawyers representing a man convicted of six robberies in the Detroit area have now filed their opening brief at the Supreme Court in one of the most important digital privacy cases in recent years. This case, Carpenter v. United States, asks a simple question: is it OK for police to seize and search 127 days of cell-site location information (CSLI) without a warrant? Previously, lower courts have said that such practices are compatible with current law. But the fact that the Supreme Court agreed to hear the case suggests that at least four justices feel that perhaps the law should be changed.

In Carpenter, as is the case in countless modern criminal cases, law enforcement was able to obtain the relevant records directly from the mobile phone provider with a court order that has less stringent requirements than a warrant. This is not a trivial distinction. A so-called "d-order" can be circumspect with how information is obtained by authorities. It does not, as the Fourth Amendment demands, require as much particularity. A warrant, unlike a d-order application, also mandates a signed and sworn affidavit ("on oath or affirmation"), as the Constitution requires, which describes the "places to be searched and the things to be seized." Carpenter's attorneys, many of whom are from the American Civil Liberties Union, argue in their filing that the current legal standard gives the government too much leeway. "If the Court were to accept this argument, the government could use this tool to monitor the minute-by-minute whereabouts of anyone—from ordinary citizens to prominent businesspersons to leaders of social movements," they wrote in their August 7 brief.

The Walt Disney Co secretly collects personal information on some of their youngest customers and shares that data illegally with advertisers without parental consent, according to a federal lawsuit filed late last week in California. The class-action suit targets Disney and three other software companies — Upsight, Unity and Kochava — alleging that the mobile apps they built together violate the law by gathering insights about app users across the Internet, including those under the age of 13, in ways that facilitate “commercial exploitation.”

The plaintiffs argue that Disney and its partners violated COPPA, the Children’s Online Privacy Protection Act, a federal law designed to protect the privacy of children on the Web. The lawsuit, filed in U.S. District Court for the District of Northern California, seeks an injunction barring the companies from collecting and disclosing the data without parental consent, as well as punitive damages and legal fees. The lawsuit alleges that Disney allowed the software companies to embed trackers in apps such as “Disney Princess Palace Pets” and “Where’s My Water? 2.” Once installed, tracking software can then “exfiltrate that information off the smart device for advertising and other commercial purposes,” according to the suit. Disney should not be using those software development companies, said Jeffrey Chester, the executive director of the Center for Digital Democracy. “These are heavy-duty technologies, industrial-strength data and analytic companies whose role is to track and monetize individuals,” Chester said. “These should not be in little children’s apps.”

Verizon has a new rewards program out, called Verizon Up, which awards users a credit for every $300 they spend on their Verizon bill that can be redeemed toward various rewards. Customers will be able to get rewards such as “Device Dollars toward your next device purchase, discounts on an accessory, or partner rewards,” along with other surprise offerings and first-come, first-serve ticket opportunities, which all seems like a nice occasional thing to get for regularly paying your cellphone bill.

But, the new program comes with a pretty big catch: you have to enroll in Verizon Selects, a program that allows the company to track a huge chunk of your personal data. That includes web browsing, app usage, device location, service usage, demographic info, postal or email address, and your interests. Furthermore, that data gets shared with Verizon’s newly formed Oath combination (aka AOL and Yahoo), plus with “vendors and partners” who work with Verizon. Which is kind of a long list of people who have access to what feels like a fairly significant amount of your data.

US companies are largely unprepared for what's about to hit them when sweeping new European Union data laws take effect in 2018. The regulation — the General Data Protection Regulation (or GDPR) — is intended to give users more control of how their personal data is used and streamline data processes across the EU. Companies that fail to comply with the complex law will face steep fines of up to 4% of their global annual revenue.

Europe has by far taken the most aggressive regulatory stance on protecting consumer privacy and will in many ways be a litmus test for regulating the currency of the data economy. It impacts a huge number of businesses from advertisers to e-commerce platforms whose data flows through EU countries. That means everyone from Google to your neighbor who sells shoes on eBay could be affected.

The Electronic Privacy Information Center (EPIC), a prominent privacy rights watchdog, is asking the Federal Trade Commission to investigate a new Google advertising program that ties consumers’ online behavior to their purchases in brick-and-mortar stores.

The legal complaint, to be filed with the FTC on July 31, alleges that Google is newly gaining access to a trove of highly sensitive information -- the credit and debit card purchase records of the majority of US consumers -- without revealing how they got the information or giving consumers meaningful ways to opt out. Moreover, the group claims that the search giant is relying on a secretive technical method to protect the data -- a method that should be audited by outsiders and is likely vulnerable to hacks or other data breaches. “Google is seeking to extend its dominance from the online world to the real, offline world, and the FTC really needs to look at that,” said Marc Rotenberg, the organization’s executive director. EPIC alleges that if consumers don’t know how Google gets its purchase data, then they cannot make an informed decision about which cards not to use or where not to shop if they don’t want their purchases tracked. The organization points out that purchases can reveal medical conditions, religious beliefs and other intimate information.

LinkedIn may very well succeed in its effort to stop a San Francisco (CA) startup from using the data of its members. But the Sunnyvale (CA) company, now a division of Microsoft, has certainly lost the moral high ground. In fact, the job-hunting and networking site is guilty of blatant hypocrisy. HiQ Labs makes software that analyzes data from public LinkedIn profiles to help employers determine which workers are likely to leave or stay. But at a hearing at U.S. District Court in San Francisco, lawyers representing LinkedIn argued that HiQ was causing significant harm to its business because members expected LinkedIn to protect their privacy. LinkedIn’s most valuable currency is “trust with customers,” said Donald Verrilli, a partner with Munger, Tolles & Olson law firm in Washington. That sounds very noble. But the very idea of a social media giant serving as the champion of privacy rights seems suspect. When a service tells you it’s free, that means it’s making money another way. And more likely than not, you’re the product.