Liberty News

Britain's cinemas are to introduce digital ID cards for adults and children as proof of age for entry to age restricted films.

The UK Cinema Association, which represents 90% of cinemas, will from Monday accept a digital ID app which confirms the age of an adult or child to box office staff based on a previously uploaded official ID document such as a passport.

The technology, developed by digital ID provider Yoti is part of a wider move towards digital IDs for adults and children where there are restrictions on age-related products.

The Home Office is trialling Yoti's AI facial photo checks that can estimate age and its apps at supermarket checkouts to prevent children buying alcohol. If successful, ministers will consider amending the law to allow digital age checks for alcohol sales. It is not allowed under current legislation.  About 3 million Brits have already downloaded the Yoti app.

To obtain the digital age ID app, the person has to prove identity with a document such as a passport then take a live picture to confirm. The information is stored in a government-grade database that Yoti  claims it does not have access to and which can be erased at any time by the individual. However it should be noted that similar systems used for online ID generally maintained a full database of usage supposedly for 'fraud prevention' auditing.

The digital ID card shows the verified photo of the individual and their age as over 18, 15 or 12. There is a hologram on the card that moves when the phone is tilted to prevent spoofing. However this suggests that phones will have to be handed over to cinema staff to check the hologram.

The Government's new Public Order Bill would allow police to put innocent people on electronic ankle tags and ban them from attending marches and demonstrations.

Campaigners and people who want to attend a protest need not have ever committed any offence in order to be given a so-called protest banning order by the police.

Under this new anti-protest law, the police will be given powers to monitor campaigners using electronic GPS tags, restrict their internet activities and prevent them from attending protests. These are some of the most disturbing and anti-democratic police powers introduced in the UK for decades.

After the shocking police behaviour towards grieving women at the Clapham vigil for Sarah Everard, we fear these ankle tags could entail serious abuse. There is no place for police monitoring and oppression of people simply campaigning for change.

These extreme police powers would be controversial in Russia and China -- we cannot allow them in a democratic country like the UK.

Sign petition from you.38degrees.org.uk

An upcoming EU law has been leaked that requires big tech companies to scan the private messages of all their users regardless of any end to end encryption technolgy being used. Of course the EU cites child porn and grooming as the nominal justification but when messages have been scanned I am sure that governments will demand that the tech companies hand over the messages for a much wider range of reasons than that claimed.

Under the plans, tech companies -- ranging from web hosting services to messaging platforms - can be ordered to detect both new and previously discovered child sexual abuse material (CSAM) as well as potential instances of grooming. The detection could take place in chat messages, files uploaded to online services, or on websites that host abusive material. The plans echo an effort by Apple last year to scan photos on people's iPhones for abusive content before it was uploaded to iCloud. Apple paused its efforts after a widespread backlash.

If passed, the European legislation would require tech companies to conduct risk assessments for their services to assess the levels of CSAM on their platforms and their existing prevention measures. If necessary, regulators or courts may then issue detection orders that say tech companies must start installing and operating technologies to detect CSAM. The draft legislation doesn't specify what technologies must be installed or how they will operate -- these will be vetted by the new EU Centre -- but says they should be used even when end-to-end encryption is in place.

Read the full details in article from wired.com

India's cybersecurity censor, the Computer Emergency Response Team (CERT-In), will require  cloud and VPN providers to register their users. Custodial wallets, exchange, virtual asset providers, cloud providers and even VPN providers will have to keep records of their customers (KYC) and records of financial transactions for five years. Service providers will maintain logs of their systems for 180 days.

This would defeat the purpose of using a VPN and creates honeypots of data that could be misused for surveillance or stolen.

CERT-In are claiming that the new requirements will improve the overall cybersecurity posture and ensure a safe and trusted internet in India.

Update: VPN Providers Threaten to Quit India

6th May 2022. See article from wired.com

VPN companies are squaring up for a fight with the Indian government over new rules designed to change how they operate in the country. On April 28, officials announced that virtual private network companies will be required to collect swathes of customer data204and maintain it for five years or more204under a new national directive. VPN providers have two months to accede to the rules and start collecting data.

...

There's a worry other, more liberal governments will follow the Indian-Chinese model, too. Attacks on end-to-end encryption are commonplace in the UK, while the US joined India, the UK, Japan, Australia, and New Zealand in signing an international statement asking for backdoor access that would subvert encryption standards.

Read the full article from wired.com

Update: India's New VPN Policy Explained

10th May 2022. See article from beebom.com

A good write of how Indian government policies will effect the use of VPNs in India

Apple is set to roll out a snooping feature that scans messages for nudity to UK iPhones.

The feature uses AI technology to scan incoming and outgoing messages.

For the moment it is otional and allows parents to turn on warnings for their children's iPhones. When enabled, all photos sent or received by the child using the Messages app will be scanned for nudity.

If nudity is found in photos received by a child with the setting turned on, the photo will be blurred, and the child will be warned that it may contain sensitive content and nudged towards resources from child safety groups. If nudity is found in photos sent by a child, similar protections kick in, and the child is encouraged not to send the images, and given an option to Message a Grown-Up.

All the scanning is carried out on-device, meaning that the images are analysed by the iPhone itself, and Apple never sees either the photos being analysed or the results of the analysis, it said.

As originally announced in summer 2021, the communication safety in Messages and the search warnings were part of a trio of features that proved extremely contentious, and Apple delayed the launch of all three while it negotiated with privacy and child safety groups.

Of course having implemented the feature as an option it won't be long before it becomes an option that can be turned on by law enforcement in the name of seeking out terrorists, racists, anti-vaxers etc

Scraping is a term used to describe the automated use of the html page data which is downloaded by a browser and then used to diplay a web page. Perhaps the most obvious example is to select a section of text on a web page and use copy and paste to insert the text into another place.

The US Ninth Circuit Court of Appeals may have set an important precedent in the tech world. The court has essentially concluded that Data Scraping is not hacking. Hence, it might not be illegal to scrape data from websites, and social media platforms, unless there are defensive technologies in place.

After listening to the arguments in a case that involved Microsoft-owned LinkedIn and competitor hiQ Labs, the Ninth Circuit Court of Appeals has concluded that scraping publicly available data does not constitute a federal crime. The case dates back to 2017 which LinkedIn had filed against hiQ Labs. The social media platform for professionals had objected to its data being scraped.

LinkedIn essentially wanted hiQ Labs to immediately cease scraping public data from the social networking site. During the first trial, the court sided with hiQ Labs, noting that LinkedIn couldn't invoke federal hacking laws to stop the practice. The court opinioned that hiQ Labs' behavior didn't seem to violate any laws, and hence, the company's actions could not be classified as a crime.

A defining feature of public websites is that their publicly available sections lack limitations on access; instead those sections are open to anyone with a web browser. In other words, applying the gates analogy to a computer hosting publicly available webpages, that computer has erected no gates to lift or lower in the first place. Simply put, had LinkedIn deployed mechanisms to prevent data from being scraped, hiQ Labs would have been in the wrong. However, since there were no restrictions, LinkedIn's insistence that hiQ Labs must cease its practice doesn't have any merit.