Here are this week’s surveil-links: reading and summarizing the latest news in digital privacy so you don’t have to.
You can easily, and slightly more privately, navigate to each link by browsing to “surveil.link/” followed by the link’s corresponding number. For example, surveil-link #12 can be found at surveil.link/12.
Most major browsers now block known implementations of supercookies. As covered in surveil-link #7, supercookies can be hard to block because there are a number of ways to implement them. But how exactly do they work? Fast Company wrote a great and quick educational overview that explains the privacy invading mechanism quite succinctly.
Note: In surveil-link #7 Surveillance Today reported that Firefox was the first browser to add supercookie blocking. That is not the case. As mentioned in the Fast Company piece, Chrome did so in late-2019. I regret the error.
This past summer, in the wake of protests in response to the murder of George Floyd, the Wikileaks-style website Distributed Denial of Secrets — or DDoSecrets — released what was dubbed “Blueleaks,” a dump of thousands of police documents of over 200 police departments across the U.S. Last week, the Austin American-Statesmen reported on documents therein concerning a fusion center — similar to the one mentioned in surveil-link #16 last week — and a network of “threat liaisons.” According to the American-Statesmen, there are 1,400 liaisons in the Austin, Texas area, 300 of which are private citizens.
These liaisons are tasked with reporting “anything they suspect could be tied to criminal or terroristic activity” to the fusion center. Among things reported was a peaceful demonstration of high-schoolers, “anti-police rhetoric” social media posts, and a woman purchasing 60 gas masks.
Utah-based genome company Ancestry, in their latest transparency report, states that they received two requests for access to its DNA database from law enforcement, TechCrunch reports. Ancestry “challenged both of these requests, which were withdrawn.” In the same report, Ancestry also says that it “refused numerous inquiries” from law enforcement that failed to get a proper subpoena or warrant.
This is a great reminder of how the data consumers give to tech companies can end up in the hands of law enforcement. It’s also worth noting that Ancestry’s pushback to law enforcement is the exception, and not the norm.
The European Data Protection Supervisor, Wojciech Wiewiorówski, one of the European Union’s top data privacy officials, called on the European Commission to amend their already proposed Digital Services Act to “include a phase-out leading to a prohibition of targeted advertising.” TechCrunch reports that the EDPS’ opinion is likely a “pre-emptive push against attempts to water down” the DSA. As it is currently written, the proposal already aims to heavily regulate targeted ads. Time will tell if the Commission takes the EDPS’ suggestion into account.
Sometime last week, app developers received a seven day heads up to remove all code from Predicio, Motherboard reports. Predicio is a location data broker who, according to Motherboard, pays application developers to use their code in exchange for their users’ locations harvested by that same code.
Motherboard also reported on Predicio last month in an investigation that showed the code was being used in Salaat First, a popular Muslim prayer app with over ten million downloads. Sound familiar? That’s because it’s eerily similar to surveil-link #6 from two weeks ago, only X-Mode was the data broker and Muslim Pro was the prayer app. Another Motherboard investigation in December linked Predicio to Venntel, yet another data broker known to sell location data to the U.S. Immigration and Customs Enforcement, Customs and Border Patrol, and the FBI.
This is the fourth week in a row that location data being harvested and sold has made the surveil-links. Please do check all the apps that you are sharing your location with. You may be surprised how many there are, some that may not even need it at all. And to Motherboard, keep up the good reporting.
BuzzFeed News reports that Clearview AI, the same facial recognition discussed in surveil-link #19, applied for a patent in August 2020 that described what the company sees as the potential applications of their facial recognition technology. The patent application claims “a strong need exists for an improved method and system to obtain information about a person” and provides business or dating relationships as examples. It says it could be used to identify a “homeless person,” “sex offender,” or a person with a “mental issue or handicap.”
Clearview made it clear to Buzzfeed that they have no intention of launching a “consumer-grade version of Clearview AI.” Then why such statements in the patent application? Buzzfeed notes that the broad application is likely strategic to avoid potential lawsuits later down the line.
Surveil-link #28: U.S. Judge rules warrantless search of electronic devices at border is constitutional
Last Wednesday, U.S. Judge Sandra Lynch from the First Circuit Court of Appeals ruled that the “reviewing and copying data without a warrant” of electronic devices at the U.S. border is perfectly legal, the Verge reports. In her ruling, Judge Lynch said these search policies are “within permissible constitutional grounds,” and justifies the decision by saying that “searches of electronic devices do not involve an intrusive search of a person.”
This reverses a November 2019 opinion in the same case which the Electronic Frontier Foundation called an “historic opinion for digital privacy at the border.” The Verge points out that the reversal is particularly concerning because “it applies to federal agents working within 100 miles of the US border — an area that covers most metropolitan areas.”
Total Telecom reports that last Wednesday, the EU reached a compromise on a hotly-debated regulation that would replace what is known as the ePrivacy directive, a 2002 European law regulating the privacy of digital communications. The new regulation, originally proposed in 2017, is known as the ePrivacy regulation. Yes, I thought it was confusing as well. The regulation is meant to replace the directive with laws better aligned with the EU’s General Data Protection Regulation. GDPR mandates how companies that gather data on EU citizens can handle and treat that data, as well as requires them to guarantee the ability to delete that data upon request.
To be completely honest with you, in the minimal time I was able to research the controversy over the compromise reached in the ePrivacy regulation, I’m still not entirely sure what is controversial about it nor what it set out to do in the first place. I do know that many privacy advocate groups such as Access Now are not happy about it. I hope to dive deeper into the topic and do an in-depth article about it soon. For now, please take this surveil-link and don’t say I didn’t try.
Surveil-link #30: If you missed it, check out Surveillance Today’s special on the surveillance endured by Martin Luther King Jr.
Yes, this is a shameless self-plug, but if you missed my piece released on Sunday all about the FBI surveillance that plagued Martin Luther King during his world-famous quest for racial justice, you should go read it. I put a lot of work into it because, you know, something something, fail to learn history, something something, doomed to repeat it. Something like that, right?