US Spies Sneak Vast Surveillance Powers Into "Reform" Bill
Just before the winter break in Congress, HR 6570 (the Protect Liberty and End Warrantless Surveillance Act) and HR 6611 (the FISA Reform and Reauthorization Act of 2023), were slated for a committee vote to select which bill would make its way to the United States Senate. Both of these competing bills contain a re-authorization of Section 702, a pro-surveillance law giving broad authority for law enforcement to collect private data on citizens and non-citizens alike.
In the case of HR 6570, privacy and civil rights advocates have widely supported it as the re-authorization of Section 702 comes with “strong civil liberties and privacy provisions” designed to walk back some of the surveillance powers granted in the original Section 702.
The competing bill, HR 6611, also contains a re-authorization of Section 702 but broadens the responsibility of businesses to collect and aid law enforcement in spying on their patrons.
Panquake CTO and founder of Yale Privacy Lab Sean O'Brien, says about HR 6611 "This is an amped up Patriot Act, rushed through during the holidays so we don't pay attention. This legislation gives a green light to the feds to force your local coffee shop, pub, or classroom to spy on you."
Section 702 was set to expire on December 31, 2023 and the vote to advance the bill to the Senate was supposed to happen by December 15th. However, the legislative authority of Section 702 was instead extended through April 2024 via additions to the National Defense Authorization Act (NDAA). This means that advocates for privacy and civil liberties still have a window to fight these bills and you can expect some dramatic moments in March and April as Section 702’s expiry looms yet again.
CVS, Walgreens, and Rite Aid Pharmacies Routinely Give Health Data to Police Without Warrants
According to an investigation from the United States Congress, all of the big pharmacy chains in the US hand over sensitive medical data on customers to law enforcement. This has created a privacy nightmare as legality and access to reproductive healthcare now varies wildly from state to state and patients receiving legal, allowed care in a neighboring state could be violating criminal laws at home.
Also included in the congressional report, all 7 of the largest pharmacies “…do not require law enforcement to have a warrant prior to sharing private and sensitive medical records, which can include the prescription drugs a person used or uses and their medical conditions”.
While the report notes that none of the pharmacies are explicitly in violation of the Health Insurance Portability and Accountability Act (HIPAA), congress members are strongly recommending that the pharmacies require a warrant before handing over medical records and in their written statement said that, “Pharmacies can and should insist on a warrant, and invite law enforcement agencies that insist on demanding patient medical records with solely a subpoena to go to court to enforce that demand.”
Meta’s AI Image Generator trained on your Instagram & Facebook Photos
Meta recently released a free, stand-alone AI image generator that was trained on over 1 Billion photos that are publicly visible on both Instagram and Facebook.
Giving new meaning to the old phrase “If you’re not paying for it, you are the product”, privacy conscious people who use Meta’s apps should be able to simply set their photos to “private” to prevent personal images from being used in the future (assuming Meta doesn’t change this policy of course).
Meta’s AI Image Generator Emu joins a competitive market that includes similar products like DALL-E, Midjourney and Stable Diffusion. However, with the advantage of using millions of peoples personal photos for training it is more than possible that Emu becomes a top performer for this AI niche.
Push Notifications allow Governments to Spy on most SmartPhones
A letter to the United States Justice Department from Senator Ron Wyden (D-Oregon) recently stated that “unidentified governments are spying on Apple and Google phone users through their push notifications”.
According to the Senator, his office received information last year that foreign governments were “demanding” push notification records from the companies and that the tech giants are “in a unique position to facilitate government surveillance of how users are using particular apps.”
In the letter, Senator Wyden called on the Justice Department to permit these tech companies to “generally reveal whether they have been compelled to facilitate this surveillance practice, to publish aggregate statistics about the number of demands they receive, and unless temporarily gagged by a court, to notify specific customers about demands for their data.”
UK Citizens Worry About Privacy as US Palantir wins Gov Healthcare contract
The United Kingdom’s National Health Service (NHS) recently announced a controversial contract by agreeing to work with billionaire Peter Thiel’s company Palantir to set up a “federated data platform” over the next 5 years.
The pushback on this announcement stems from Palantir’s close work with intelligence agencies and military organizations around the world, such as the CIA and UK Ministry of Defence, which has caused many to question the suitability of Palantir as a responsible party concerning the security and privacy of patient medical records.
Opposition to the contract has come from many places, including Conservative, Labour and Liberal Democrat MPs, along with tech, medical and civil liberties groups. Commenting on the Palantir announcement, Peter Frankental from Amnesty International stated, “Any NHS public procurement tenderers whose activities have been linked to serious human rights abuses, as is the case with Palantir, should be excluded on grounds of ‘grave professional misconduct’, as permitted under procurement law.”
23andMe October Data Breach Worse than Originally Thought
New information related to the 23andMe data breach from October unfortunately further muddied the waters about how the breach actually occurred. New information has now made clear the attackers collected the personal data of about 5.5 million people who had opted in to DNA Relatives, as well as information from an additional 1.4 million DNA Relatives users who “had their Family Tree profile information accessed."
The new numbers show a large difference from the originally reported 14,000 people who 23andMe said had their accounts accessed due to passwords being bruteforce guessed or compromised from previous data breaches.
When asked by WIRED why the new information was not included in the SEC filing 23andMe made regarding the breach, a company spokesperson said, “we are only elaborating on the information included in the SEC filing by providing more specific numbers”.
UK Age Verification Guidelines for porn will use AI, Digital ID Wallets and More
The United Kingdom has pledged to make the U.K. “the safest place to go online in the world” and has unveiled new guidelines for the age assurance technology they’re betting on to make this a reality.
The draft guidance has been given to pornography sites and recommends they require users to: “sign into Open Banking to prove they’re not a minor; upload a copy of their passport and have a live selfie taken to check the photos match; or submit their naked visage to webcam assessment in order that an AI can make a calculation of whether they look legit old enough to view adult material”.
While the current guidelines are focused on the pornography industry, it is expected that social media sites will soon be required to apply “highly effective” age assurance in order to prevent children from accessing in-appropriate or adult content.
Big Tech Watchdog Sorely Needed according to Australian Senate
An Australian Senate committee has recommended a tougher approach on tech giants including new laws that allow citizens the right to have their data deleted and the introduction of a “Big Tech Watchdog” agency to enforce regulations.
The committee also noted that there were “significant regulatory gaps” when it came to policing big tech and that these powerful companies had such a high concentration over the market that it allowed them to engage in “anti-competitive practices”.
The Senate committee hopes the outcome of their report will include the introduction of a public register for advertising material and mandatory reporting for large platforms on algorithm transparency, data collection and user profiling.