Here are this week’s surveil-links: reading and summarizing the latest news in digital privacy so you don’t have to.
You can easily, and slightly more privately, navigate to each link by browsing to “surveil.link/” followed by the link’s corresponding number. For example, surveil-link #12 can be found at surveil.link/12.
BuzzFeed News reported this past week that Facebook’s vice president of augmented and virtual reality, Andrew Bosworth, told employees in an internal meeting that the company is “currently assessing whether or not it has the legal capacity to offer facial recognition” in its smart glasses product set to be released sometime this year.
He reportedly noted that laws such as Illinois’ Biometric Information Privacy Act may make this difficult, thus nothing is set in stone. Facebook was fine $650 million last year for a violation of this law.
Expanding on the benefits, Bosworth said that facial recognition could assist someone wearing the glasses to recognize people at a party or help individuals suffering from face blindness. Though employees rightly pointed out the “real-world harm” of “stalkers” and the like.
Surveil-link #51 - Attempting to catch sleeping employee, Wisconsin school district invades students' privacy
Isthmus reported last week that top officials of the Madison school district in Wisconson installed cameras hidden inside smoke detectors in attempt to catch a night-shift janitor they believed was sleeping on the job. The operation was carried out unbeknownst to school staff, the district Superindendent, and the district's security consultant. The cameras were placed in a coach's office and "a room where special needs students undress and have their diapers changed." In an email, the district Superintendent Carlton Jenkins stated the areas "contained furniture conducive to sleeping." Jenkins was not Superintendent at the time of the incident. I was approved and carried out by the district's Director of Labor Relations.
The placement of the cameras violates district policy in more way than one. Footage from the camera was only saved for two weeks before it was concluded they wouldn't get any evidence against the janitor. However, according to the school electrician who installed the cameras, they were still providing a live stream of the rooms for ten months.
Surveil-link #52 - How Massachusetts privacy advocates struck a deal with their governor concerning facial recognition
In December 2020, Massachusetts became the first state whose legislature passed a bill to ban the use of facial recognition by law enforcement statewide. But the ban, part of a larger police reform bill, was removed after Governor Charlie Baker refused to approve a ban on the technology citing its use in two different cases.
Governor Baker ammended the bill to enact strict guardrails before the technology is used. As reported by the New York Times, "police first must get a judge’s permission before running a face recognition search, and then have someone from the state police, the F.B.I. or the Registry of Motor Vehicles perform the search. A local officer can’t just download a facial recognition app and do a search." The Times also reports that, according to Massachusetts state lawmakers, the compromise can be credited to ACLU of Massachusetts activist Kade Crockford.
Both Facebook and Apple launched new ad campaigns this week, the latest in the quarrel over user tracking and targeted advertising between the two companies which has been covered in surveil-links #10 and #20. Apple's ad, entitled "Privacy. That's iPhone." portrays people shouting their internet activities in public places, clearly implying you may as well be doing just that with the data you hand over to Facebook and other online advertisers.
Facebook's on the other hand plays into their argument that Apple's soon-to-be-rolled-out prompt requiring users to opt into apps tracking their activity will negatively impact small business owners. Carrying the title "Good Ideas Deserve To Be Found," the ad portrays business with products that one would typically find scrolling Facebook accompanied with lyrics implying Facebook's targeted advertising gives business making such products an even playing field with larger vendors and manufacturers.
For your entertainment, I have included both ads below, because, let's be honest, the public jabs between Tim Cook and Mark Zuckerberg escalating to online ads is pretty damn entertaining.
Enjoying the content? Subscribe and get it directly to your inbox!
Apple - Privacy. That’s iPhone.
Facebook - Good Ideas Deserve To Be Found
Surveil-link #54 - Civil rights groups call Biden's proposed use of border surveillance tech "Trump's wall by another name"
In a statement released Thursday, immigration and privacy advocacy groups called the Biden administration's push for more surveillance at the U.S. border a "continuation of the Trump administration’s racist border policies, not a break from it." The 353-page bill, which the Hill refers to as "mammoth," dedicates three of those pages to "deploying smart technology at the southern border" and "independent oversight of privacy rights" (sections 2302 and 2303, respectively). It gives the Department of Homeland Security the ability to determine what technologies should be used to "expand the ability to detect illicit activity."
The activists' statement outlines several technologies deployed by the Trump administration and currently in use at the border that are concerning including facial recognition, automatic license plate readers, DNA collection, and iris scanners. They also argue that "border enforcement policies have long served as a testing ground for military grade surveillance at the border and far into the interior," noting that border drones were used to surveil racial justice protesters this past summer.
The immigration bill does call for "a comprehensive assessment of the . . . technologies . . . that are currently in use along the southern border" and "an explanation for why each technology . . . was recommended."
Surveil-link #55 - ICE is using commercially available databases of utility accounts to track immigration violations
The Washington Post reports that it obtained documents showing the U.S. Immigration and Customs Enforcement's paid use of CLEAR a private database of utility accounts, such as gas and electricity. The database is sold by the Thomson Reuters Foundation -- who ironically was the source of surveil-link #40 -- who actively advertises its use to law enforcement. According to the Post, the data set includes "billions of records related to people’s employment, housing, credit reports, criminal histories and vehicle registrations from utility companies in all 50 states, D.C., Puerto Rico, Guam and the U.S. Virgin Islands" and is updated daily.
This is another great example of law enforcement getting around the need for a warrant and obtaining data they feel they need for an investigation through commercial means. The U.S. House Committee on Oversight and Reform has already sent letters to Thomson Reuters to better understand the situation.
Surveil-link #56 - Amazon urges employees to drop union ballots inside recently-installed mailbox outside warehouse
Motherboard reports that USPS recently installed a mailbox outside an Amazon warehouse in Bessemer, Alabama where Amazon employees are set to vote whether or not to unionize. The mailbox installation comes after an onslaught of anti-union rhetoric from Amazon, including mailers, text messages, bathroom stall posters, and t-shirts. The union organizers even claim that Amazon's recent request to the city to recalibrate traffic lights was an attempt to hinder their efforts.
One such text message reads, "Voting has begun! The US Postal Service has installed a secure mailbox just outside the BHM1 main entrance, making mailing your ballot easy, safe, and convenient. Vote now! BE DONE BY 3/1!" Despite the prompt to "BE DONE BY 3/1," the employees have until March 29 to cast their ballots.
One Amazon employee at the facility says she's worried the prompt to use the mailbox is "so they can monitor us and gauge how many people are using the mailbox. I talked to workers and they say this box is making them feel rushed to make a decision." Another employee said, "if this mailbox isn't about the union election, then why wasn't it there before?"
The U.S. Office of the Inspector General is opening an investigation into the case of Keith Gartenlaub. Gartenlaub is an ex-Boeing employee who the FBI investigated in 2014 on suspicion of espionage. Thinking he was sharing military aircraft plans with the Chinese government, the FBI obtained a warrant from the Foreing Intelligence Surveillance Court to search Gartenlaub's computer. While they didn't find any evidence of espionage, they did find child pornography, for which he was convicted and has already served time for. Gartenlaub denies having knowledge of the graphic content found on his device.
Gartenlaub challenges the FBI's premise on which they obtained the warrant from the FISC, claiming they exaggerated his role at Boeing and that he never had access to the information he was accused of stealing. Gartenlaub's case is bolstered by findings from an inspector general investigation under Trump scrutinizing FISC warrant applications justifying the surveillance of a Trump campaign aide over alleged coordination with the Russian government. The investigation found 29 applications with "apparent errors or inadequately supported facts."
Documents obtained by Motherboard show that McDonald's has actively been surveiling its employees associated with the Fight for $15 campaign, a movement advocating for a hike in the U.S. federal minimum wage to $15 an hour. According to the documents, and two anonymous sources claiming to be ex-employees of McDonald's, the company employs a team of analysts in its Chicago and London offices looking for association and activity to Fight for $15. Motherboard states that among the tactics employed are "social media monitoring tools" and that the analysts "have attempted to use the tool to reconstruct the friends lists and networks of workers involved in the labor movement using fake Facebook personas."
McDonald's vehemently denies the accusation of using fake accounts and claims that the intelligence gathering is not at all related to labor organizing. Rather, their spokesperson claims the team is "focused on identifying any potential safety threats that could pose harm to our crew, franchisees, and customers." Motherboard claims it's common to equate union-busting to safetfy percautions, noting that Amazon did the same thing when Motherboard revealed last November the retail giant had hired Pinkerton operatives to surveil and curtail union efforts within its warehouses.
Last week, ThreatPost reported that an extension for the Firefox browser, known as FriarFox, was actually a malicious extension developed by a hacking group believed to be associated with the Chinese government. It started with an email containing a malicious link purported to be from the Dalai Lama sent to Tibetan residents. Should the user click the link, malicious code then scans their browser to see if they are using Firefox and currently logged into a Gmail account. A download then begins disguised as an Adobe Flash update and users are prompted to approve the extension's permissions. If accepted, the extension gave the attackers complete, unfettered access to their Gmail accounts allowing them to read and send email on their target's behalf.
A couple lessons can be learned here. First, the email was sent from a Gmail address, not from one with a domain associated withe Dalai Lama in anyway. Second, Adobe Flash is no longer developed nor supported by Firefox. To be fair, that is a fairly recent development, though the software's use has been strongly discouraged for a number of years now. Third, the extension was requesting far-reaching permissions. As such, always be wary of emails from important people you're not expecting, just say no to Flash, and don't approve the installation of a browser extension requesting access to your Gmail account.
Surveil-link #60 - Indian government asks Google, Facebook, Twitter, and Zoom for data on climate activists
The Indian government has recently asked Google, Facebook, Twitter, and Zoom for the data surrounding a document circulated among and disseminated widely by climate activists throughout the country and beyond. Namely, an activist that a judge recently ruled was wrongly imprisoned, Disha Ravi. Ravi, an associate of the well-known climate activist Greta Thunberg, allegedly collaborated on the document, a "toolkit" for Indian activists to challenge their government's inaction and denial of climate change.
According to the Intercept, the Dehli police have leaked many of Ravi's private communications and have petitioned the tech companies for more. Specifically they want a list of attendees of a particular Zoom meeting and information surrounding the creation and sharing of the toolkit from Google, Facebook, and Twitter. The Intercept says, "it is unclear which companies have complied and to what extent."
This is a perfect example of how the data we willingly give to tech giants could possibly be used against us, even if what we are doing is perfectly legal, as Ravi's activities were ruled to be. What's more, it aptly shows when essential endeavors, such as defending our planet, and capitalism can be at odds. I feel that the essence of the problem is encapsulated perfectly by the article's last sentences:
"In North America and Europe, these companies are going to great lengths to show that they can be trusted to regulate hate speech and harmful conspiracies on their platforms while protecting the freedom to speak, debate, and disagree that is integral to any healthy society. But in India, where helping governments hunt and imprison peaceful activists and amplify hate appears to be the price of access to a huge and growing market, 'all of those arguments have gone out the window,' one activist told me. And for a simple reason: 'They are profiting from this harm.'"
Other notable stories
The description of each is not necessarily the headline
- Surveil-link #61 - Greece to begin using stealth drones armed with artificial intelligence to surveil its borders - Greek Reporter
- Surveil-link #62 - Firefox 86 touts "Total Cookie Protection" by "siloing third-party cookies per website" - TechCrunch
- Surveil-link #63 - Windows 10 gets encrypted domain lookups - BleepingComputer
- Surveil-link #64 - Omaha police deny allegations from the ACLU that Black activists were surveiled saying "phones were not wiretapped" - KETV7 Omaha
- Surveil-link #65 - The New York Times calls Illinois' Biometric Information Privacy Act "the best law you've never heard of"
- Surveil-link #66 - ACLU of Massachusetts drops repository of over 1,400 documents revealing the extent of the use of facial recognition by law enforcement in their state
- Surveil-link #67 - Calaveras County, California Sheriff's Department now acceptting civilian camera registrations - The Stockton Record
- Surveil-link #68 - India, Myanmar, Combodia, Vietnam, Thailand, and the Philippines are all adopting cyber laws conducive to increased surveillance - Thomson Reuters Foundation News
- Surveil-link #69 - Cedar Rapids, Iowa Police Department and City Council Member not happy with 250 citizen registered surveillance cameras. They say they want at least 1,000. - KCRG
- Surveil-link #70 - The Los Altos Town Crier reports that the Los Altos Hills, California City Council unanimously voted for pilot test of automatic license plate readers. This comes as the practice is being actively challenged in neighboring Oakland.
* Note: My organization, the Citizens Privacy Coalition of Santa Clara County, opposes this specific pilot program.
- Surveil-link #71 - Somerville, Massachusetts City Council assesses its surveillance policy and the powers it gives law enforcement to use surveillance in emergencies. They are also considering an independent civilian oversight board. - The Somerville Times
- Surveil-link #72 - TikTok agrees to pay $92 million in U.S. class action lawsuit over allegations that the app harvests users' biometric and other private data - Reuters
- Surveil-link #73 - SenSen, a company developing Smart City technologies, acquired Australian-based Snap Network Surveillance which develops "AI-powered multi-camera networked tracking technology" - SecurityInfowatch.com
- Surveil-link #74 - NYPD deploys robotic dog in dangerous situations, but others say their could be privacy implications - The New York Times