Total Recall at Microsoft while France Doubles Down on Surveillance (Issue 33, 2024)
Also, the US thinks Apple is running a monopoly and Spain worries about Meta's effect on elections...
We’re delivering you the hottest internet news that affects all of us. Scroll down to read our full reporting below and if you love what we’re doing, please consider contributing $5 per month so that we can continue providing you with this vital, unique reporting.
Talk Liberation is committed to providing equal access for individuals with disabilities. To view an accessible version of this article, click here.
In this edition:
Spain Halts Meta Rollout Ahead of Elections
AirBnb’s Global Ban on Indoor Security Cameras
Millions of People Exposed in Cloud Storage Hack
General Motors Sued for Selling Driver Data
US Accuses Apple of Running a Monopoly
Paris Olympics to Implement Facial Recognition
Microsoft’s total “Recall” service Scares UK Government
Facial Recognition Tech Wrongly Flagging Customers
Spain Halts Meta Rollout Ahead of Elections
The Spanish Data Protection Authority (AEPD) halted the rollout of two new Meta products ahead of EU general elections that concluded June 9th. These general elections result in the 10th European Parliament and saw Spain elect all 61 of their EU seats.
The temporarily-banned Meta products were Election Day Information (EDI) and the Voter Information Unit (VIU) that would have shown eligible voters reminders for casting their vote. Prior to the commencement of elections however, the AEPD determined that providing these services required Meta to collect personal information likely in violation of GDPR, prompting them to issue the temporary stop.
The information Meta intended to collect on voters included name, IP address, age and gender. Due to the potential inclusion of political views, which are regarded as a protected “special category” under GDPR, the AEPD had authority to immediately halt their use. In most cases however, a lengthier and more formal process is followed as all EU countries require the Irish data regulators to investigate wrongdoings by Meta, whose EU arm is incorporated in Ireland.
AirBnb’s Global Ban on Indoor Security Cameras
AirBnb is cracking down on hosts with indoor security cameras and has provided new rules for tools like noise monitors (may only measure sound in decibels and no recording) and doorbell cameras (cannot cover private outdoor areas like showers or saunas).
Prior to this new policy, cameras and recording equipment were allowed as long as the host fully disclosed them to the guest. With the latest update they are now fully prohibited indoors and a violation could see the host’s AirBnb account terminated.
While AirBnb did not explicitly state the reason for updating the policy, recent controversies have shown guests prefer having their privacy respected when renting an AirBnb and are willing to call out hosts on social media who go too far.
In one example a guest found a camera “hidden in an alarm clock” and major news outlets have published guides on how to identify cameras specifically inside AirBnb rentals. While the existence of creepy hosts may never fully go away, the new policy from AirBnb emphasizes the company’s recognition that people’s privacy is worth protecting and is good for business.
Millions of People have Personal Data Exposed in Cloud Storage Hack
A malicious compromise of third-party cloud service provider Snowflake has led to over 165 organizations having their Snowflake-hosted data exposed. So far the largest impact appears to be Ticketmaster, with over half a billion customer’s names, physical and email addresses, phone numbers, and partial credit card information exposed.
Snowflake has stated that the breach occurred due to previously compromised credentials that were illegally purchased by the perpetrators. Cybersecurity researcher Kevin Beaumont has pushed back however, claiming that poor security protocols used by Snowflake made them an easy target to this type of attack.
Specifically citing Snowflake’s poor implementation of Multi-Factor Authentication (MFA), a widely accepted staple of proper cybersecurity, Kevin Beaumont stated, “The Snowflake authentication setup is terrible. MFA can’t be enabled org wide, each user has to manually log in and enable it. There’s no policy to block users without MFA. And it uses Duo MFA rather than your orgs MFA. (You can bring your own MFA with SAML). Also all users log in via a Snowflake domain, so you can just pull creds from info stealer marketplaces or logs. That’s why they’re being targeted as a platform.”
Likely also included in the data breach are Anheuser-Busch, Allstate, Advance Auto Parts, Mitsubishi, Neiman Marcus, Progressive, State Farm, and Santander Bank who disclosed unauthorized access to one of its third-party hosted databases in mid-May.
General Motors Sued for Selling Driver Data to Insurers
A Florida resident is suing General Motors (GM) and OnStar, alleging they illegally shared his driving data with firms like LexisNexis Risk Solutions and Verisk. He alleges these companies then used this data to create driver risk profiles for car insurers, all without obtaining consent from the drivers themselves and directly leading to higher insurance premiums for some drivers.
In response to the lawsuit, a spokesperson for GM announced that the company had ceased providing OnStar driver data to LexisNexis and Verisk, although it is unknown if this is in perpetuity or temporarily until the lawsuit is resolved.
Commenting on the practice of obtaining “consent” from customers, lawyer and University of Michigan professor Erik Gordon said that;
“It’s not just car companies. The fine print of disclosing data is used by cable companies, almost any app you download, loyalty programs by retailers…What the core of the plaintiff’s complaint is, is that the law allows data gathers, date resellers and data brokers to do things using fine print, in language that isn’t clear to the data-givers.”
The lawsuit comes on the heels of United States Sen. Edward Markey requesting that the Federal Trade Commission investigate the data privacy practices of 14 automakers. He stated, "Automakers are collecting large amounts of data on drivers, passengers, and even people outside the vehicle, with little to no oversight."
The US Accuses Apple of Running a Monopoly
The United States Department of Justice (DOJ) is suing Apple for creating an illegal monopoly over the smartphone market. The lawsuit is also supported by 16 state and district attorneys general and claims that Apple's actions increased prices for consumers and developers as well as fostering an increasing dependence on Apple products.
Regarding the alleged monopoly, the DOJ has focused on five areas where Apple’s behavior directly led them to “…extract more money from consumers, developers, content creators, artists, publishers, small businesses, and merchants”
Disrupting "super apps" that facilitate switching to competing devices
Blocking cloud-streaming apps for video games that would reduce the need for expensive hardware
Suppressing the quality of messaging between iPhone and other devices
Limiting functionality of third-party smartwatches and hindering user switching
Blocking third-party developers from creating competing digital wallets with tap-to-pay functionality for the iPhone
DOJ Antitrust Division Chief Jonathan Kanter also stated, “For years, Apple responded to competitive threats by imposing a series of ‘Whac-A-Mole’ contractual rules and restrictions that have allowed Apple to extract higher prices”.
The Apple case is only one of multiple “big tech monopoly” actions being pursued by the DOJ. A suit involving Google’s search distribution and a separate advertising based lawsuit against Google will have their day in court as the Department of Justice tries to bring some accountability to these powerful corporations.
Paris Olympics to Implement Facial Recognition
At the end of June the Summer Olympics will begin in Paris, France and a recently passed law will ensure that facial recognition, video surveillance augmented by AI, use of body scanners, personal data retention, and surveillance footage access by transport agencies will all be in effect.
Citing growing concerns of terrorism, the French government has defended the new security measures as necessary, however, Amnesty International has decried this rationalization by stating, “While France promotes itself as a champion of human rights globally, its decision to legalize AI-powered mass surveillance during the Olympics will lead to an all-out assault on the rights to privacy, protest, and freedom of assembly and expression.”
Also commenting on the matter was Digital Rights lawyer and Advisor at the European Center for Not-for-Profit Law, Karolina Iwańska, who says there is a small likelihood that these “exceptional powers” will suddenly be given up after the Olympics conclude. Her critique stated, “Once a biometric surveillance infrastructure is in place, the risk of abuse and repurposing it (so-called ‘function creep’) is very high.”
Microsoft’s total “Recall” service Scares UK Government
National data watchdogs at the Information Commissioners Office (ICO) for the United Kingdom have opened inquiries with Microsoft over a new “Recall” feature that will “store encrypted snapshots locally on your computer” if you use one of their soon-to-be released Copilot+ PCs.
Prompting the inquiries are privacy campaigners who are calling the new service a potential “privacy nightmare”. Jen Caltrider, who leads a privacy team at Mozilla, is worried that the security of a simple password and the type of data the screenshot service creates will make Recall users a bigger target.
Daniel Tozer, a data and privacy expert at Keystone Law is also raising awareness that for businesses utilizing the Recall feature, many thorny issues around proprietary information, intellectual property and sensitive customer data exist and, "Microsoft will need a lawful basis to record and re-display the user’s personal information."
Facial Recognition Tech Wrongly Flagging Customers
A provider of facial recognition software is being sued after their system flagged an innocent customer of Home Bargains as a shoplifter, causing the 19 year old woman to be confronted and kicked from the store.
The company providing the facial recognition tech is Facewatch, and this is not the first time they’ve recently made headlines in the UK. Just last year the company faced an investigation from the UK’s Information Commissioners Office (ICO), who concluded; “Facewatch’s system was permissible under law but also [sic] found that the company’s policies had breached data protection legislation”.
Big Brother Watch, a digital rights advocacy group, is spearheading the campaign to reign in facial recognition and is supporting the lawsuit brought by the mis-identified woman. They claim the impact to innocent citizens lives caused by wrongful identification is too high, and that company’s like Facewatch need higher accountability if the government is going to support and use their technology.
That concludes this edition of Your Worldwide INTERNET REPORT!
Remember to SUBSCRIBE and spread the word about this unique news service.
This issue of Your Worldwide INTERNET REPORT was written by Matt Millen of WillenRimer; Edited by Suzie Dawson and Sean O’Brien; Graphics by K4t4rt; with production support by Beth Bracken.
Talk Liberation - Your Worldwide INTERNET REPORT was brought to you by Panquake.com. We Don’t Hope, We Build!
© Talk Liberation Limited. The original content of this article is licensed under a Creative Commons Attribution-ShareAlike 4.0 International license. Please attribute copies of this work to “Talk Liberation” or talkliberation.com. Some of the work(s) that this program incorporates may be separately licensed. For further information or additional permissions, contact licensing@talkliberation.com