Tag: data privacy
16. November 2021
On October 27th, 2021 Signal published a search warrant for user data issued by a court in Santa Clara, California. The court ordered Signal to provide a variety of information, including a user’s name, address, correspondence, contacts, groups, and call records from the years 2019 and 2020. Signal was only able to provide two sets of data: the timestamp of when the account was created and the date of the last connection to the Signal server, as Signal does not store any other information about its users.
The warrant also included a confidentiality order that was extended four times. Signal stated:
Though the judge approved four consecutive non-disclosure orders, the court never acknowledged receipt of our motion to partially unseal, nor scheduled a hearing, and would not return counsel’s phone calls seeking to schedule a hearing.
A similar case was made public by Signal in 2016, when a court in Virginia requested the release of user data and ordered that the request not be made public. Signal fought the non-publication order in court and eventually won.
Signal is a messenger app that is highly regarded among privacy experts like Edward Snowden. That’s because Signal has used end-to-end encryption by default from the start, doesn’t ask its users for personal information or store personal data on its servers and is open source. The messenger is therefore considered particularly secure and trustworthy. Moreover, no security vulnerabilities have become known so far, which is definitely the case with numerous competing products.
Since 2018, Signal is beeing operated by the non-profit organization Signal Technology Foundation and the Signal Messenger LLC. At that time, WhatsApp co-founder Brian Acton, among others, joined the company and invested $50 million. Signal founder Moxie Marlinspike is also still on board.
The EU commission is planning a legislative package to fight the spread of child abuse on the Internet. The law will also include automated searches of the content of private and encrypted communications, for example via messenger apps. This would undermine the core functions of Signal in Europe. Critics call this form of preventive mass surveillance a threat to privacy, IT security, freedom of expression and democracy.
20. November 2020
On November 3rd 2020, Californian citizens were able to vote on the California Privacy Rights Act of 2020 (“CPRA”) in a state ballot (we reported). As polls leading up to the vote already suggested, California voters approved the new Privacy legislation, also known as “Prop 24”. The CPRA was passed with 56.2% of Yes Votes to 43.8% of No Votes. Most provisions of the CPRA will enter into force on 1 January 2021 and will become applicable to businesses on 1 January 2023. It will, at large, only apply to information collected from 1 January 2022.
The CPRA will complement and expand privacy rights of California citizens considerably. Among others, the amendments will include:
- Broadening the term “sale” of personal information to “sale or share” of private information,
- Adding new requirements to qualify as a “service provider” and defining the term “contractor” anew,
- Defining the term “consent”,
- Introducing the category of “Sensitive Information”, including a consumer’s Right to limit the use of “Sensitive Information”,
- Introducing the concept of “Profiling” and granting consumers the Right to Opt-out of the use of the personal information for Automated Decision-Making,
- Granting consumers the Right to correct inaccurate information,
- Granting consumers the Right to Data Portability, and
- Establishing the California Privacy Protection Agency (CalPPA) with a broad scope of responsibilities and enforcement powers.
Ensuring compliance with the CPRA will require proper preparation. Affected businesses will have to review existing processes or implement new processes in order to guarantee the newly added consumer rights, meet the contractual requirements with service providers/contractors, and show compliance with the new legislation as a whole.
In an interview after the passage of the CPRA, the initiator of the CCPA and the CPRA Alastair Mactaggard commented that
Privacy legislation is here to stay.
He hopes that California Privacy legislation will be a model for other states or even the U.S. Congress to follow, in order to offer consumers in other parts of the country the same Privacy rights as there are in California now.
30. July 2019
The police in Beijing and Shanghai have begun to use a new form of surveillance. The gait recognition technology analyzes the body shapes and ways people walk to identify them, even if their faces are hidden from the camera.
The gait recognition software is part of an advance in China towards the development of artificial intelligence and data-driven surveillance.
On their website, the Chinese technology startup Watrix explains that gait functions with a low-resolution video are remotely obtainable and recognizable compared to other biometrics such as face, iris, palm print and fingerprint. With the features of the contactless, far-reaching, transparent recognition range and the difficult to disguise gait recognition, it closes the gap in the market for remote identification in the public security industry. “You don’t need people’s cooperation for us to be able to recognize their identity,” Huang Yongzhen, the CEO of Watrix, said in an interview. “Gait analysis can’t be fooled by simply limping, walking with splayed feet or hunching over, because we’re analyzing all the features of an entire body.”
Watrix’s software extracts a person’s silhouette from the video and analyzes their movements to create a model of the person’s gait. However, it is not yet able to identify people in real time. Users must upload videos to the program. Yet no special cameras are needed. The software can use footage from regular surveillance cameras to analyze the gait.
The technology is not new. Scientists in Japan, the UK and the U.S. Defense Information Systems Agency have been researching gait detection for over a decade. Professors from the University of Osaka have been working with the Japanese National Police Agency since 2013 to pilot the gait recognition software.