Privacy

TikTok says it will stop accessing clipboard content on iOS devices

A beta feature on iOS 14 showed what the app was up to

See article from theverge.com

 

Update: Others too!

29th June 2020. See article from arstechnica.com

TikTok and 53 other iOS apps still snoop your sensitive clipboard data Passwords, bitcoin addresses, and anything else in clipboards are free for the taking.

See article from arstechnica.com

 

Update: India bans 59 Chinese snooping apps

29th June 2020. See article from financialexpress.com

The Government of India on Monday banned 59 Chinese apps including TikTok and UC Browser which are prejudicial to sovereignty and integrity of India, defence of India, security of state and public order, news agency ANI reported. Majority of these apps were recently red-flagged by intelligence agencies over concerns that they were collecting user data and possibly also sending them outside of the country's borders.

Among the apps that have been banned are Tik Tok, Sharit, Kwai, UC Browser, Baidu map, Shein, clash of Kings, DU battery saver, Helo, Likee, YouCam makeup, Mi Community, CM Browsers, Virus Cleaner, Apus Browser, among others.

The GDPR is a reprehensible and bureaucratic law that is impossible to fully comply with, and dictates an onerous process of risk assessments that are enforced by inspection and audits. It is not the sort of thing that you would wish on your grandmother. So the law makers built in an important exclusion such that the law does not apply to the processing of personal data by a natural person in the exercise of a purely personal or household activity.

But now a Dutch court has weighed in and decided that this important exclusion does not applying to posting family pictures on the likes of Twitter.

The court got involved in a family dispute between a grandmother who wanted to post pictures of her grand children on social against the wishes of the mother.

The court decided that the posting of pictures for public consumption on social media went beyond 'purely personal or household activity'. The details weren't fully worked out, but the court judgement suggested that they may have taken a different view had the pictures been posted to a more restricted audience, say to Facebook friends only. But saying that such nuance doesn't apply to Twitter where posts are by default public.

The outcome of the case was that the grandmother was therefore in the wrong and has been ordered to remove the pictures from her social media accounts.

But the horrible outcome of this court judgement is that anyone posting pictures of private individuals to Twitter must now register as a data controller, so requiring submission to the full bureaucratic nightmare that is the GDPR.

Phuket is a holiday island in Thailand that is accessed by road via a single bridge to the mainland. In the name of coronavirus monitoring the Phuket authorities have introduced an horribly invasive computerised checkpoint on the bridge.

The check on people crossing the bridge will include a temperature check with a facial recognition detection system connected with the public health database. In the case detection of a traveller has contracted the Covid-19 virus, police will be alerted at the checkpoints along with National Emergency Notification Center staff.

But that is just the beginning of it. The Phuket Smart Check Point will also include scanning for suspect vehicles involved in crimes, and checking the traveller's criminal record.

The Check Point will also require travellers to register and supply personal information. This will be kept on record for subsequent crossings and will be used for unspecified analysis by the authorities, including for the suppression of crime.

The system comes with an app that can be used as a tracking device allowing authorities to see where your current location is in the province.

The Information Commissioner's Office (ICO) has announced:

The ICO recently set out its regulatory approach during the COVID-19 pandemic, where we spoke about reassessing our priorities and resources.

Taking this into account we have made the decision to pause our investigation into real time bidding and the Adtech industry.

It is not our intention to put undue pressure on any industry at this time but our concerns about Adtech remain and we aim to restart our work in the coming months, when the time is right.

Google's sister company Side Walk Labs has abandoned its smart city development in Toronto citing the effects of coronavirus on the property market.

Chief executive Dan Doctoroff explained in a blog post:

It is with great personal sadness and disappointment that I share that Sidewalk Labs will no longer pursue the Quayside project.

For the last two-and-a-half years, we have been passionate about making Quayside happen -- indeed, we have invested time, people, and resources in Toronto, including opening a 30-person office on the waterfront. But as unprecedented economic uncertainty has set in around the world and in the Toronto real estate market, it has become too difficult to make the 12-acre project financially viable without sacrificing core parts of the plan we had developed together with Waterfront Toronto to build a truly inclusive, sustainable community. And so, after a great deal of deliberation, we concluded that it no longer made sense to proceed with the Quayside project, and let Waterfront Toronto know yesterday.

Online technology companies have joined to form a trade group to promote the case for child protection as the Government's Online Harms internet censorship bill works its way through parliament.

The Online Safety Tech Industry Association (OSTIA) launched at Leeds Digital Festival April 27, 2020 and brings together companies who operate in the field of online safety.

Initiated by Edinburgh-based Cyan Forensics and PUBLIC, 14 separate tech companies have joined. Members include Yoti, Crisp, Securium, Super Awesome and Safe To Net.

The group says that one of its aims is to counter free speech and privacy arguments that hit a chord with the public in press coverage of the aborted age verification censorship measures included in the government's Digital Economy Act. The group states on its website:

Too often the debate about Online Safety is focused around what cannot be done, what is technically impossible, and the conflict with other rights such as privacy and freedom of speech. We seek to provide an alternative voice in the debate.

The UK government as welcomed the launch and the Internet Watch Foundation (IWF) and NSPCC are also supporting the group. Caroline Dinenage, Minister of State for Digital and Culture in the Department for Digital, Culture, Media and Sport, said:

We are determined to make the UK the safest place in the world to be online and have set out world-leading proposals to put a duty of care on online companies, enforced by an independent regulator. We are backing the industry to support our work by developing new products to improve online security and drive growth in the digital economy. This new association will help bring together relevant organisations to collaborate, innovate and create a safer online world.

The UK government is reportedly preparing to launch an app that will warn users if they are in close proximity to someone who has tested positive for coronavirus .

The contact-tracking app will be released just before the lockdown is lifted or in its immediate aftermath and will use short-range Bluetooth signals to detect other phones in close vicinity and then store a record of those contacts on the device.

If somebody tests positive for COVID-19, they will be able to upload those contacts, who can then be alerted via the app.

It is reported that will not generally be shared with a central authority, potentially easing concerns that the app could snitch up users to the police for going jogging twice a day, or spending the night at your girlfriend's place.

NHSX, the innovation arm of the UK's National Health Service, will reportedly appoint an ethics board to oversee the development of the app, with its board members set to be announced over the coming weeks. It is a bit alarming that the government is envisaging such a long development schedule, suggesting perhaps that the end to the lockdown will be months away.

The NHS is reportedly counting on the app being downloaded by more than 50% of the population.

Offsite Comment: The government must explain its approach to mobile contact tracing

7th April 2020. See article from openrightsgroup.org by Jim Killock

The idea is for some 60% of the population to use an app which will look for people with the same app to record proximity. This data is then stored centrally. Health officials then add data of people who have been positively tested for COVID-19. Finally, persons who may be at risk because of their proximity to someone with the virus are alerted to this and asked to self-isolate.

This approach is likely to work best late on, when people are out of the full lock down and meeting people more than they were. It may be a key part of the strategy to move us out of lockdown and for dealing with the disease for some time afterwards. At the current time, during lockdown, it would not be so useful, as people are avoiding risk altogether.

Of course, it will be a huge challenge to persuade perhaps 75% or more of smartphone users (80% of adults have a smartphone) to install such an app, and keep it running for however long it is needed. And there are limitations: for instance a window or a wall may protect you while the app produces a false positive for risky contact. The clinical efficicacy of any approach needs to be throughly evaluated, or any app will risk making matters worse.

Getting users to install and use an application like this, and share location information, creates huge privacy and personal risks. It is an enormous ask for people to trust such an app -- which explains why both the UK and EU are emphasising privacy in the communications we have heard, albeit the EU project is much more explicit. It has a website , which explains:

PEPP-PR was explicitly created to adhere to strong European privacy and data protection laws and principles. The idea is to make the technology available to as many countries, managers of infectious disease responses, and developers as quickly and as easily as possible. The technical mechanisms and standards provided by PEPP-PT fully protect privacy and leverage the possibilities and features of digital technology to maximize speed and real-time capability of any national pandemic response.

There are plenty of other questions that arise from this approach. The European project and the UK project share the same goals; the companies, institutions and governments involved must be talking with each other, but there is no sign of any UK involvement on the European project's website.

The European project has committed to producing its technology in the open, for the world to share, under a Mozilla licence. This is the only sane approach in this crisis: other countries may need this tool. It also builds trust as people can evaluate how the technology works.

We don't know if the UK will share technology with this project, or if it will develop its own. On the face of it, sharing technology and resources would appear to make sense. This needs clarifying. In any event, the UK should be working to produce open source, freely reusable technology.

We urgently need to know how the projects will work together. This is perhaps the most important question. People do, after all, move across borders; the European project places a strong emphasis on interoperability between national implementations. In the, UK at the Irish border, it would make no sense for systems lacking interoperability to exist in the North and Eire.

Thus the UK and Europe will need to work together. We need to know how they will do this.

We are in a crisis that demands we share resources and technology, but respect the privacy of millions of people as best as we can. These values could easily flip -- allowing unrestricted sharing of personal data but failing to share techologies.

The government has already made a number of communications mis-steps relating to data, including statements that implied data protection laws do not apply in a health crisis; using aggregate mobile data without explaining why and how this is done; and employing the surveillance company Palantir without explaining or stating that it would be kept away from further tasks involving personal data.

These errors may be understandable, but to promote a mobile contact tool using massive amounts of personal location data, that also relies on voluntary participation, the UK government will have to do much better. PEPP-PT is showing how transparency can be done; while it too is not yet at a point where we understand their full approach, it is at least making a serious effort to establish trust.

We need the UK government to get ahead, as Europe is doing, and explain its approach to this massive, population-wide project, as soon as possible.

Offsite Comment: The EU also has an app

 7th April 2020. See article from politico.eu

Years of efforts to safeguard personal data running headlong into calls for drastic actions to counter the pandemic.

 

Update: The Challenge of Proximity Apps For COVID-19 Contact Tracing

11th April 2020. See article from eff.org

The Challenge of Proximity Apps For COVID-19 Contact Tracing

Developers are rapidly coalescing around applications for proximity tracing, which measures Bluetooth signal strength to determine whether two smartphones were close enough together for their users to transmit the virus. In this approach, if one of the users becomes infected, others whose proximity has been logged by the app could find out, self-quarantine, and seek testing. Just today, Apple and Google announced joint application programming interfaces (APIs) using these principles that will be rolled out in iOS and Android in May. A number of similarly designed applications are now available or will launch soon.

Update: Confirmed

13th April 2020. See article from bbc.co.uk

 The UK has confirmed plans for an app that will warn users if they have recently been in close proximity to someone suspected to be infected with the coronavirus.

The health secretary Matt Hancock announced the move at the government's daily pandemic press briefing. He said the NHS was working closely with the world's leading tech companies on the initiative.

The BBC has learned that NHSX - the health service's digital innovation unit - will test a pre-release version of the software with families at a secure location in the North of England next week.

 

Update: Can your smartphone crack Covid?

14th April 2020. See article from unherd.com by Timandra Harkness

 I write constantly about the threat to privacy of letting our smartphones share data that reveals where we go, what we do, and who shares our personal space. And although these are exceptional circumstances, we should not stop valuing our privacy. Emergency measures have a habit of becoming the new normal. And information about who we've been close to could be of interest to all sorts of people, from blackmailers to over-enthusiastic police officers enforcing their own interpretation of necessary activities.

Update: NHS in standoff with Apple and Google over coronavirus tracing

17th April 2020.See article from theguardian.com

Tech firms place limitations on how tracing apps may work in effort to protect users' privacy