Category: Surveillance & Privacy

Burner phones, aliases, code words: How secret networks help women circumvent Honduras’ abortion ban

  Corruption Ledger editorial note: Privacy technology and strategies have the ability to help all oppressed people, whether male, female, underprivileged or targeted by corrupt corporate or government establishments. Here’s one case in point. TEGUCIGALPA, Honduras (AP) — Inside a little wooden house among the pine and oak forests of western Honduras’ coffee-growing mountains, a woman opened a tiny package…

Important Things At Twitter Keep Breaking, And Making The Site More Dangerous

  It turns out that if you fire basically all of the competent trust & safety people at your website, you end up with a site that is neither trustworthy, nor safe. We’ve spent months covering ways in which you cannot trust anything from Twitter or Elon Musk, and there have been some indications of real safety problems on the…

Apple blocked 1.7 million apps for privacy, security issues in 2022

Apple’s App Store team prevented more than $2 billion in transactions tagged as potentially fraudulent and blocked almost 1.7 million app submissions for privacy, security, and content policy violations in 2022. As part of its ongoing efforts to fend off account fraud, the company also terminated 428,000 developer accounts for potentially fraudulent activity, deactivated 282 million fraudulent customer accounts, and blocked…

US pharmacy giant PharMerica says hackers accessed personal data of almost 6 million patients

  One of the largest pharmacy service providers in the United States has confirmed that hackers accessed the personal data of almost six million patients. PharMerica operates over 2,500 facilities across the U.S. and offers more than 3,100 pharmacy and healthcare programs. In a data breach notification filed with Maine’s attorney general, PharMerica said it learned of suspicious activity on…

New threat to privacy? Scientists sound alarm over newly developed DNA tool

PARIS – The traces of genetic material that humans constantly shed wherever they go could soon be used to track individual people, or even whole ethnic groups, scientists said on Monday, warning of a looming “ethical quagmire”.

A recently developed technique can glean a huge amount of information from tiny samples of genetic material called environmental DNA, or eDNA, that humans and animals leave behind everywhere – including in the air.

The tool could lead to a range of medical and scientific advances, and could even help track down criminals, according to the authors of a new study published in the journal Nature Ecology & Evolution.

But it also poses a vast range of concerns around consent, privacy and surveillance, they added.

Ransomware gang steals data of 5.8 million PharMerica patients

Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers.

PharMerica is a pharmacy services provider in 50 U.S. states, operating 180 local and 70,000 backup pharmacies, and serving 3,100 medical facilities nationwide.

According to a data breach notification submitted to the Office of the Maine Attorney General, hackers breached PharMerica’s system on March 12th, 2023, stealing the full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people.

The firm discovered the intrusion on March 14th, 2023, and its investigation determined on March 21st that client data had been stolen. However, notices of a data breach were sent to impacted individuals only last Friday, May 12th, 2023.

Airline exposes passenger info to others due to a ‘technical error’

airBaltic, Latvia’s flag carrier, has acknowledged that a ‘technical error’ exposed reservation details of some of its passengers to other airBaltic passengers. Passengers also reported receiving unexpected emails which addressed them by the name of another customer. The Riga-based airline, incorporated as AS Air Baltic Corporation, operates flights to 80 destinations and is 97% government-owned. Although the air carrier says the…

Press group: China biggest global jailer of journalists

  WASHINGTON (AP) — China was the biggest global jailer of journalists last year with more than 100 behind bars, according to a press freedom group, as President Xi Jinping’s government tightened control over society. Xi’s government also was one of the biggest exporters of propaganda content, according to Reporters Without Borders. China ranked second to last on the group’s annual…

Europe’s top court clarifies GDPR compensation and data access rights

The European Union’s top court has handed down a couple of notable rulings today in the arena of data protection. One (Case C-300/21) deals with compensation for breaches of the bloc’s General Data Protection Regulation (GDPR); and the second (Case C-487/21) clarifies the nature of information that individuals exercising GDPR rights to obtain a copy of data held on them…

FTC moves to ban Meta from profiting off data of users under age 18

The U.S. Federal Trade Commission is alleging Facebook “repeatedly violated its privacy promises” and is proposing a “blanket prohibition” on parent company Meta’s monetization of data of users under 18. The company, meanwhile, called the move “a political stunt.” The FTC on Wednesday moved to expand its USD5 billion privacy order with then-Facebook from 2020, claiming the company failed to…

Amazon Accused of Collecting Biometric Data

In a class-action lawsuit filed March 16 by an Amazon Go customer, Amazon was accused of not properly notifying its New York Amazon Go store customers that it was tracking and collecting their biometric data.

Amazon Go stores are cashierless stores operated by Amazon.com that allow customers to enter the store, pick up the products they want, and walk out without having to wait in a checkout line or scan their items. The stores use a combination of computer vision, sensor fusion, and deep-learning technologies to detect which products customers take off the shelves and then charge their Amazon accounts accordingly.

According to the lawsuit, Amazon Go collects biometric data “by scanning the palms of some customers to identify them and by applying computer vision, deep learning algorithms, and sensor fusion that measure the shape and size of each customer’s body to identify customers, track where they move in the stores, and determine what they have purchased.”

There is reasonable concern that the biometric data allegedly collected by Amazon might find their way into federal databases, as Amazon also provides server space to the federal government.

The STOP CSAM Act Is An Anti-Encryption Stalking Horse

E2EE is a widely used technology that protects everyone’s privacy and security by encoding the contents of digital communications and files so that they’re decipherable only by the sender and intended recipients. Not even the provider of the E2EE service can read or hear its users’ conversations. E2EE is built in by default to popular apps such as WhatsApp, iMessage, FaceTime, and Signal, thereby securing billions of people’s messages and calls for free. Default E2EE is also set to expand to Meta’s Messenger app and Instagram direct messages later this year. 

E2EE’s growing ubiquity seems like a clear win for personal privacy, security, and safety, as well as national security and the economy. And yet E2EE’s popularity has its critics – including, unfortunately, Sen. Durbin. Because it’s harder for providers and law enforcement to detect malicious activity in encrypted environments than unencrypted ones (albeit not impossible, as I’ll discuss), law enforcement officials and lawmakers often demonize E2EE. But E2EE is a vital protection against crime and abuse, because it helps to protect people (children included) from the harms that happen when their personal information and private conversations fall into the wrong hands: data breaches, hacking, cybercrime, snooping by hostile foreign governments, stalkers and domestic abusers, and so on.

That’s why it’s so important that national policy promote rather than dissuade the use of E2EE – and why it’s so disappointing that STOP CSAM has turned out to be just the opposite: yet another misguided effort by lawmakers in the name of online safety that would only make us all less safe. 

First, STOP CSAM’s new criminal and civil liability provisions could be used to hold E2EE services liable for CSAM and other child sex offenses that happen in encrypted environments. Second, the reporting requirements look like a sneaky attempt to tee up future legislation to ban E2EE outright.

Critical-rated security flaw in Illumina DNA sequencing tech exposes patient data

The U.S. government has sounded the alarm about a critical software vulnerability found in genomics giant Illumina’s DNA sequencing devices, which hackers can exploit to modify or steal patients’ sensitive medical data.

In separate advisories released on Thursday, U.S. cybersecurity agency CISA and the U.S. Food and Drug Administration warned that the security flaw — tracked as CVE-2023-1968 with the maximum vulnerability severity rating of 10 out of 10 — allows hackers to remotely access an affected device over the internet without needing a password. If exploited, the bug could allow hackers to compromise devices to produce incorrect or altered results, or none at all.

EU proposes new copyright rules for generative AI

BRUSSELS – Companies deploying generative artificial intelligence (AI) tools, such as ChatGPT, will have to disclose any copyrighted material used to develop their systems, according to an early European Union agreement that could pave the way for the world’s first comprehensive laws governing the technology.

The European Commission began drafting the AI Act nearly two years ago to regulate the emerging technology, which underwent a boom in investment and popularity following the release of OpenAI’s ChatGPT.

Members of the European Parliament agreed to push the draft through to the next stage, the trilogue, during which EU lawmakers and member states will thrash out the final details of the bill.

Under the proposals, AI tools will be classified according to their perceived risk level: From minimal through to limited, high, and unacceptable.

Hackers steal emails, private messages from hookup websites

Hackers have stolen email addresses, direct messages, and other personal data from users of two dating websites, according to a data breach expert.

Earlier this week, someone alerted Troy Hunt, the founder and maintainer of the data breach alerting website Have I Been Pwned, that hackers had breached two dating websites, CityJerks and TruckerSucker. Hunt told TechCrunch that he analyzed the stolen data and found usernames, email addresses, passwords, profile pictures, sexual orientation, users’ date of birth, their city and state, their IP addresses, and biographies. The stolen passwords are scrambled with a weak algorithm that could potentially be broken and allow hackers to see the actual passwords.

Senator Brian Schatz and the Unconstitutional Age Verification Bill

Senator Brian Schatz is one of the more thoughtful Senators we have, and he and his staff have actually spent time talking to lots of experts in trying to craft bills regarding the internet. Unfortunately, it still seems like he still falls under the seductive sway of this or that moral panic, so when the bills actually come out, they’re…