Archive for the ‘Privacy Rights’ Category
If you haven’t heard the term technocracy, please look it up and learn about the state we are in.
Meet Vigilant Solutions – The Private Company Storing 2.2 Billion License Plate Photos & Selling the Data
Vigilant Solutions is a company that will be familiar to longtime Liberty Blitzkrieg readers. It was first highlighted in the early 2014 post, Department of Homeland Security Moves to Install National License Plate Tracking System, in which we learned the following:
The Department of Homeland Security wants a private company to provide a national license-plate tracking system that would give the agency access to vast amounts of information from commercial and law enforcement tag readers, according to a government proposal that does not specify what privacy safeguards would be put in place.
The national license-plate recognition database, which would draw data from readers that scan the tags of every vehicle crossing their paths, would help catch fugitive illegal immigrants, according to a DHS solicitation. But the database could easily contain more than 1 billion records and could be shared with other law enforcement agencies, raising concerns that the movements of ordinary citizens who are under no criminal suspicion could be scrutinized.
The agency said the length of time the data is retained would be up to the winning vendor. Vigilant Solutions, for instance, one of the leading providers of tag-reader data, keeps its records indefinitely.
Fast forward two years, and “could easily contain 1 billion records” sounds trite compared to the reality. According to a recent article inThe Atlantic, Vigilant Solutions has already has taken 2.2 billion license plate photos, and is adding more at a clip of 80 million per month.
From the Atlantic:
Throughout the United States—outside private houses, apartment complexes, shopping centers, and businesses with large employee parking lots—a private corporation, Vigilant Solutions, is taking photos of cars and trucks with its vast network of unobtrusive cameras. It retains location data on each of those pictures, and sells it.
It’s happening right now in nearly every major American city.
The company has taken roughly 2.2 billion license-plate photos to date. Each month, it captures and permanently stores about 80 million additional geotagged images. They may well have photographed your license plate. As a result, your whereabouts at given moments in the past are permanently stored. Vigilant Solutions profits by selling access to this data (and tries to safeguard it against hackers). Your diminished privacy is their product. And the police are their customers.
The company counts 3,000 law-enforcement agencies among its clients. Thirty thousand police officers have access to its database. Do your local cops participate?
If you’re not sure, that’s typical.
The company dismisses the notion that advancing technology changes the privacy calculus in kind, not just degree. An executive told The Washington Post that its approach “basically replaces an old analog function—your eyeballs,” adding, “It’s the same thing as a guy holding his head out the window, looking down the block, and writing license-plate numbers down and comparing them against a list. The technology just makes things better and more productive.” By this logic, Big Brother’s network of cameras and listening devices in 1984 was merely replacing the old analog technologies of eyes and ears in a more efficient manner, and was really no different from sending around a team of alert humans.
More abuses seem inevitable as additional communities adopt the technology (some with an attitude expressed with admirable frankness by an official in a small Florida city: “We want to make it impossible for you to enter Riviera Beach without being detected.”)
“During the past five years, the U.S. Department of Homeland Security has distributed more than $50 million in federal grants to law-enforcement agencies—ranging from sprawling Los Angeles to little Crisp County, Georgia, population 23,000—for automated license-plate recognition systems,” the Wall Street Journal reports. As one critic, California state Senator Joe Simitian, asked: “Should a cop who thinks you’re cute have access to your daily movements for the past 10 years without your knowledge or consent? I think the answer to that question should be ‘no.’”The technology forms part of a larger policing trend toward infringing on the privacy of ordinary citizens. “The rise of license-plate tracking is a case study in how storing and studying people’s everyday activities, even the seemingly mundane, has become the default rather than the exception,” The Wall Street Journal explains. “Cellphone-location data, online searches, credit-card purchases, social-network comments and more are gathered, mixed-and-matched, and stored. Data about a typical American is collected in more than 20 different ways during everyday activities, according to a Wall Street Journalanalysis. Fifteen years ago, more than half of these surveillance tools were unavailable or not in widespread use.”
Just the latest example of what can happen to a country when much of the citizenry is apathetic and ignorant.
For related articles, see:
In Liberty, Michael Krieger
In today’s climate, it really appears that data and metadata are a form of currency all on their own. We are being spied upon, catalogued,scrutinized and inspected, by unthinking programs and algorithms and every kind of “smart” thing that is out there. Sadly, all of this is made possible by those who want to control us. They figure that the more information they have, the more “secure” they can make things, but it simply isn’t possible. It’s the quintessential internet conundrum. The fact is, the internet is great because it can’t be controlled…And that is also the biggest negative of the internet.
Anyway, here is a story I came across that doesn’t appear to be getting much play at all. Maybe it’s just because of the holidays. Maybe it’s because of the issue with the Democrat database between Sanders and Clinton. Maybe no one actually cares anymore!
Database of 191 million U.S. voters exposed on Internet: researcher
An independent computer security researcher uncovered a database of information on 191 million voters that is exposed on the open Internet due to an incorrectly configured database, he said on Monday.
The database includes names, addresses, birth dates, party affiliations, phone numbers and emails of voters in all 50 U.S. states and Washington, researcher Chris Vickery said in a phone interview.
Vickery, a tech support specialist from Austin, Texas, said he found the information while looking for information exposed on the Web in a bid to raise awareness of data leaks.
Vickery said he could not tell whether others had accessed the voter database, which took about a day to download.
While voter data is typically considered public information, it would be time-consuming and expensive to gather a database of all American voters. A trove of all U.S. voter data could be valuable to criminals looking for lists of large numbers of targets for a variety of fraud schemes.
“The alarming part is that the information is so concentrated,” Vickery said.
Vickery said he has not been able to identify who controls the database, but that he is working with U.S. federal authorities to find the owner so they can remove it from public view. He declined to identify the agencies.
A representative with the Federal Bureau of Investigation declined to comment.
A representative with the U.S. Federal Elections Commission, which regulates campaign financing, said the agency does not have jurisdiction over protecting voter records.
Regulations on protecting voter data vary from state to state, with many states imposing no restrictions. California, for example, requires that voter data be used for political purposes only and not be available to persons outside of the United States.
Privacy advocates said Vickery’s findings were troubling.
“Privacy regulations are required so a person’s political information can be kept private and safe,” said Jeff Chester, executive director of the Washington-based Center for Digital Democracy. The leak was first reported by CSO Online and Databreaches.net, computer and privacy news sites that Vickery said helped him attempt to locate the database’s owner.
CSO Online said the exposed information may have originally come from campaign software provider NationBuilder because the leak included data codes similar to those used by that firm.
In a statement, NationBuilder Chief Executive Officer Jim Gilliam said the database was not created by the Los Angeles-based company, but that some of its information may have come from data it freely supplies to political campaigns.
“From what we’ve seen, the voter information included is already publicly available from each state government, so no new or private information was released in this database,” Gilliam said.
(This story has been refiled to correct penultimate paragraph to remove extraneous word “his”)
(Reporting by Jim Finkle and Dustin Volz; Editing by Jonathan Oatis)
(Click on title to go to the source)
A shorter version of this post ran as an op-ed in the San Jose Mercury News on October 6, 2015.
The ubiquitous blue “Like” or “Share” buttons that you see all over the Internet are hiding an ugly secret. Starting this month, Facebook will use them to track your visit to every Web page that displays the buttons—even if you don’t click on anything. Facebook will use the data it collects to build a detailed dossier of your browsing habits, meticulously logging every site you visit, so it can finally learn those last few details about your life that it doesn’t already know. And there’s nothing you can do about it, short of staying totally logged out of the social media site or tracking down and installing a special browser extension to protect from this kind of sneaky behavior.
And who wants to bother? Yeah it’s creepy, but maybe you don’t care enough about a faceless corporation’s data mining to go out of your way to protect your privacy, and anyway you don’t have anything to hide. Facebook counts on that shrug of your shoulders; indeed its business model depends on our collective confusion and apathy when it comes to privacy. And that’s wrong, as a matter of business ethics and arguably in a legal sense as well.
Facebook’s response to criticism of the new massive increase in tracking has been to claim that it’s not a problem because the company allows users to opt out of the program. But that excuse—and others like it across the industry—is disingenuous and fundamentally unfair in two important ways. First, when users opt out, Facebook doesn’t actually stop tracking their browsing habits. It merely stops showing the user so called “interest-based” ads. In other words, Facebook doesn’t allow us to opt out of being tracked all over the Internet; it merely allows us to hide that fact from ourselves.
Second and more importantly, the new tracking violates consumers’ expectations. The Federal Trade Commission’s longstanding Fair Information Practice Principles begin with the concepts of notice and choice. Companies are expected to make consumers aware of information collection and give consumers control over how their information is used. When we click a “Like” button, we expect Facebook to take note. But when we visit a website and don’t click the button, we’re given no indication whatsoever that Facebook is still keeping track of that visit, much less given the ability to control what Facebook does with that information.
Of course, Facebook is hardly the only offender. Google and its manufacturing partners have been shipping millions of low-cost notebook computers, known as Chromebooks, to schools around the country for use by students in the classroom and at home. The devices are wonderful—powerful, secure, and easy to use. And they come with “completely free” Google Apps for Education services including classroom tools, email, document collaboration, and calendaring, among others.
Google’s Chromebooks as used in schools also come with “Chrome Sync” enabled by default, a feature that sends the student users’ entire browsing trail to Google, linking the data collected to the students’ accounts which often include their names and dates of birth. Google notes that the tracking behavior can be turned off by the student or even at a district level. But as shipped, students’ Chromebooks are configured to send every student’s entire browsing history back to Google, in near real time. That’s true even despite Google’s signature on the “Student Privacy Pledge” which includes a commitment to “not collect … student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.”
EFF and other digital privacy groups have been actively engaged with the technology sector in an attempt to convince companies to place meaningful limits on various forms of consumer tracking. Earlier this year, EFF, along with eight other privacy organizations, left a multi-stakeholder process intended to develop a privacy-friendly set of best practices for companies using facial recognition, led by the National Telecommunications Information Administration. We insisted that companies must give regular people the choice of whether to participate in a face recognition database, or, in other words, operate their facial recognition systems on an opt-in basis. Our demand isn’t crazy; it is already the law in Europe. But when the companies made it clear that in this country they were only willing to provide an opt-out for people who proactively put themselves on a do-not-track list, we walked out. There was no point to our continued participation in a process dominated by companies who insist on maintaining a privacy model that depends on consumers not knowing their rights, or even the fact they’re being tracked.
It’s incredibly difficult for even the most concerned consumers to figure out who’s collecting data about them, much less exercise any control over what companies do with that data. It took us at EFF some serious research—and an hour-long conference call with Google engineers, lawyers, and PR reps—to figure out how Google treats student-browsing data. Because the companies make it so difficult for privacy-conscious consumers to figure out when, where, and how they’re being tracked, users are left with only one real choice: apathy, which companies then use as an excuse to further escalate and obscure their tracking behavior.
There is no excuse for making it so difficult to get the answers to questions as simple as “are you tracking our students?” Don’t even try asking the companies what they do with the behavioral data they’re gathering about us: other than using it for behavior advertising, they won’t say. And for those of us who have opted out of behavioral advertising, the companies have given no justification for continuing to collect our data. We have no way of knowing what they’re using our data for, and that’s a problem.
Companies across the tech industry claim that they honor our privacy and endeavor to treat users with respect. And I have no doubt that the vast majority of engineers, designers, and policy makers working in Silicon Valley want to do the right thing. My message to the companies then is this: if a new feature, system, or app will impact users’ privacy, just ask the users for their permission first. Providing an opt-out after the fact demonstrates a total lack of commitment to users and is fundamentally unfair.
If a business model wouldn’t work if users had to opt in, it deserves to fail.
For those of us opposed to Real ID, things just a rather large step in the wrong direction:
No card reader, no PIN pad, no touch-screen display — how you bank at your ATM could drastically change in the not-so-distant future. Citigroup is testing an automated teller machine made by Canton, Ohio-based Diebold that relies on your smartphone and perhaps an eye scan to dispense your cash.
Diebold’s so-called “Irving” system works like this: Let’s say you want to get $100 from your ATM. Instead of taking your bank card with you, you schedule your withdrawal ahead of time on your phone via your bank’s mobile app. When you walk up to the screenless machine, it identifies you in one of several ways: Near Field Communication (NFC, the same type of technology used in Apple Pay’s mobile payment service), QR Code (for Quick Response Code, a machine-readable bar code that’s been used extensively in Japan) or biometrics (scanning your iris, a technique that’s considered far more fail-safe than fingerprints as a form of ID).The machine then spits out the cash and you go on your merry way.
Diebold said the entire transaction could be completed in less than 10 seconds. The new system is more secure than traditional ATMs, in part because you wouldn’t need a card and wouldn’t have to punch in a PIN, the company said.
Since Irving is only in the testing phase, it’s unclear when — or if — these devices will be rolled out on a broader scale. Citi didn’t immediately return a call for comment.
Diebold also unveiled a second futuristic banking concept on Monday that it calls “Janus.” It’s a dual-sided terminal that can serve two customers at the same time for in-branch customer service.
“Our latest concepts embody a new era of banking and put the user experience at the top of the pyramid to connect consumers with their money when and how they see fit,” Frank Natoli, Diebold executive vice president, self-service technology, said in a press release
Facebook’s Use of Facial-Recognition Tool Draws Privacy Ire
by Rachel Adams-Heard
July 28, 2015 — 4:00 AM CDT
Updated on July 28, 2015 — 1:14 PM CDT
When you are identified in a picture on Facebook, biometric software remembers your face so it can be “tagged” in other photographs.
Facebook Inc. says this enhances the user experience. But privacy advocates say the company’s technology — which was shut off in Europe and Canada after concerns were raised — should only be used with explicit permission.
As commercial use of facial recognition technology grows to replace password log-ins, find people in photos and someday even customize displays for shoppers as they browse in stores, it’s raised privacy questions. That’s one reason the U.S. government is participating in a working group to develop rules for companies using facial recognition — even if those are voluntary.
“Face recognition data can be collected without a person’s knowledge,” said Jennifer Lynch, an attorney for the Electronic Frontier Foundation, a San Francisco-based privacy rights group. “It’s very rare for a fingerprint to be collected without your knowledge.”
Privacy groups such as Lynch’s last month cited the business community’s opposition to requiring prior consent as the reason they walked out on the government meetings. The Department of Commerce’s National Telecommunications and Information Administration, which sponsored the talks, plans to continue the process Tuesday without most of the privacy advocates.
“The process is the strongest when all interested parties participate and are willing to engage on all issues,” said Juliana Gruenwald, an agency spokeswoman.
Facebook defends its use of facial-recognition technology, a form of biometrics. It works by assigning numbers to physical characteristics such as distance between eyes, nose and ears in order to come up with a unique faceprint that can be used to identify someone when they’ve already been identified through tagging.
The technology powers a photo feature called “tag suggestions” that is automatically turned on when users sign up for a Facebook account. The suggestions are only made to a user’s friends.
“Tag suggestions make it easy for friends to tag each other in photos,” Facebook said in an e-mailed statement. “And when someone is alerted they’ve been tagged in a photo, it’s easier to take action, whether it’s commenting, contacting the person who shared it, or reporting it to Facebook.”
Users can opt-out at any time, Facebook said. But that requires that they change their settings.
“Facebook isn’t getting permission,” said Alvaro Bedoya, executive director of Georgetown University’s Center on Privacy & Technology, who walked out on the U.S. meetings. “Facial recognition is one of those categories of data where a very prominent and a very clear consent is necessary.”
The U.S. government’s approach to regulating use of face data by companies is inadequate, privacy activists said. They point to Europe, where strict privacy laws forced Facebook in 2012 to delete data collected for its tag-suggestion feature following a probe by Irish authorities. Tag suggestions have also been turned off in Canada.
“Of significant privacy concern is the fact that Facebook has the ability to combine facial biometric data with extensive information about users, including biographic data, location data, and associations with ‘friends,’” Canada’s Office of the Privacy Commissioner said in a 2013 report on facial recognition technology.
Companies such as Microsoft Corp., which is building facial recognition into Windows 10, and MasterCard, with its plan for selfie verification for online payments, require the download of an app or the purchase of hardware. Those acts can verify consent, privacy advocates say.
“It’s a complicated question,” said Carl Szabo, policy counsel for NetChoice, an association of Web companies such as Facebook, Google and Yahoo! Inc. “My concern is that if we go down this road, we’re not going to give this technology the opportunity to flourish and provide some of the really cool innovations that I can’t even think of today.”
‘Vote With Feet’
Szabo said he’s in favor of a code of conduct that would require companies using facial recognition to be transparent about their use of the technology with a notice or sign. That would allow consumers to “vote with their feet” if they feel uncomfortable, he said.
Facebook first started using facial recognition by licensing technology from another company, Face.com, which it acquired in 2012. Last month, Facebook introduced a new standalone app using the same technology as in tag suggestions called Moments, which groups photos in a user’s smartphone based on the faces identified. Photos can be shared with specific friends, as opposed to uploading them to Facebook.
The Menlo Park, California company’s current policy on facial recognition has made it the subject of a pending lawsuit in Illinois, which along with Texas has some of the nation’s strictest biometric privacy laws.
The lawsuit argues that Facebook didn’t notify users when updating its terms of service to disclose that the company collects facial data on users tagged in photos.
Photo publishing site Shutterfly Inc. is the subject of another pending lawsuit in Illinois that takes issue with the company’s photo tagging feature.
The fear that facial data can be used to track people may be overblown. It reveals “less information about your habits than most customers would reveal by carrying around a mobile phone that also tracks and shares location data,” Daniel Castro, vice president of the Information Technology and Innovation Foundation, a non-partisan think tank, said in an e-mail.
Coming up with rules for the technology is not “black and white,” said Nick Ahrens, vice president of privacy and cybersecurity at the Retail Industry Leaders Association, which has members including Nike Inc., J. Crew Group Inc., Dillard’s Inc. and Wal-Mart Stores Inc.
“I think transparency is the name of the game,” said Ahrens. But, “I don’t know if a sign on the door is the answer.”
(An earlier version corrected the headquarters of Facebook.)