Who’s abusing your privacy now? Is a new entrant overpromising and underdelivering? (Issue 16, 2022)

Another EU ruling against Google: Are the dominoes falling?

Talk Liberation is committed to providing equal access for individuals with disabilities. To view an accessible version of this article, click here.

• GETTR tracks and violates user privacy: revealed in our investigative report

• IRS to require facial recognition scans to file and pay taxes

• Google Analytics deemed ‘illegal’ in Austria

• India’s Data Protection Bill one step closer to passing

• Proposed New York bill seeks to limit police surveillance

• Facebook patents mechanical eye for metaverse

• Reining in Police use of biometrics and facial recognition

• FCC proposes new regulations for cell phone companies

GETTR tracks and violates user privacy revealed in investigative report

New social media site and blogging platform GETTR markets itself as a “breakaway from big tech.” However, a recent investigation by Talk Liberation Investigates uncovers that the platform is just more of the same. Founder of Yale Privacy Lab, cybersecurity expert Sean O’Brien, who is the Talk Liberation Editor that authored the report, found that numerous trackers from Facebook and Google are embedded within the GETTR web and smartphone apps. Additionally, the app permissions allow for surveillance of a wide range of user information including location and behavioral data. And that’s not all. It seems that GETTRs privacy policy fails to disclose the full extent of its data collection and sharing with third parties.

Sean O’Brien said: “Given all that we’ve learned about GETTR, the bottom line isn’t about what you’re getting from them. It is about what they’re getting from you.”

Before the site was under the name GETTR, it existed as “Getome,” and was targeted at Chinese-language audiences. According to a report in Politico, Getome was part of former Trump 2016 campaign strategist Steve Bannon’s GNEWS and GTV properties. At the time of the investigation, Getome was still available on Google Play and provided a backdoor to GETTR where users can “log in and interact on the network through the Getome app.” GETTR officially launched under its current name in July 2021 at a time when a growing number of social media users were becoming disillusioned with existing platforms.

The Talk Liberation Investigates report was picked up by several prominent media publications including Gizmodo, The New Yorker, Vice and The Daily Dot.

IRS to require facial recognition scans to file and pay taxes

The Internal Revenue Service (IRS) will require taxpayers filing taxes online for 2021 to submit a selfie prior to accessing certain features on their account. The IRS has contracted ID.me, a third-party service that requires the taxpayer to take a video selfie on a smartphone or computer webcam as well as submit sensitive government documents to confirm identity.

Beginning in summer 2021, online taxpayers with an IRS account will no longer be able to access their account without providing biometric data.

ID.me is a Virginia-based identification company created in 2010. The company helps several ‘e-commerce sites validate the identity of customers’. In addition, ID.me is used by governmental agencies including the Social Security Administration and Veteran’s Affairs and is already contracted by several state governments.

According to a report in CNBC, a spokesperson for the IRS said, “...taxpayers can pay or file their taxes without submitting a selfie or other information to a third-party identity verification company.” However, an account with ID.me will be necessary to complete basic tasks on ones account such as “applying for payment plans, monitoring stimulus checks and requesting Identity Protection PINs.”

The new biometric requirement is intended to prevent fraud and identity theft. However, the process proves to be far less convenient as a report published 2021 indicated many users had difficulty progressing through the ID.me process.

Google Analytics deemed ‘illegal’ in Austria

Europe’s General Data Protection Regulation or GDPR has been a problem for Big Tech companies collecting and storing user data for the past several years. Google, Facebook, WhatsApp and others have all been on the radar of the GDPR. And now the GDPR is cracking down on customers of US cloud services including retailers and even governments.

The Austrian Data Protection Authority found that the operators of a health-related website using Google Analytics were in violation of the GDPR for transferring users’ personal data from Google to companies in the United States. Privacy advocates are claiming a partial victory with this latest decision which may result in more similar rulings. A year and a half ago, approximately 101 complaints were filed by Max Schrems and his privacy advocacy group, NOYB.eu. The violation stems from a previous ruling from the European Union’s top court.

In 2020, the EU established a precedent deeming it illegal to transfer a European users data to a company in the United States if that company cannot assure that the data will not be transferred to US intelligence agencies. According to a report in Fortune, the nature of the US Foreign Intelligence Surveillance Act (FISA) means that not a single US-based company can provide such a guarantee.

However, Google claims that companies using Google Analytics are in control of what data is collected and how the data is used. Looking ahead, European companies have a few options moving forward - one is to stop using US cloud services. According to the report, if similar decisions follow it could reduce the incentive for companies in Europe to continue using US cloud services.

India’s Data Protection Bill one step closer to passing

India's draft Data Protection Bill is one step closer to being fully implemented. The Indian Joint Parliamentary Committee (JPC) submitted its report on the bill which is likely to be passed by Parliament during its next session in early February 2022. The JPC recommends the bill be introduced using a phased approach beginning with the appointment of government officials to fulfill the Data Protection Authority (DPA). Full incorporation of the bill into law could take 24 months.

In addition, the JPC report also recommended revisions to the bill with many changes related to the powers of the Government and decision-making by the DPA. A noteworthy proposed change is the mandatory notification of data breaches within 72 hours of discovery. This applies to every data breach impacting Indian data subjects. Additionally, the report seeks to expand the bill to cover non personally identifiable information but in a limited manner. An earlier provision of the bill which allows the Government to regulate the sharing of such data remains. However, the bill allows for possible expansion of non-personal data regulation in the future. The intent is to ‘deliver services and formulate evidence-based policies.’

Another proposed revision to the bill is a consent requirement for the processing of data with some exceptions such as complying with court orders and in cases of medical emergency.

Proposed New York bill seeks to limit police surveillance

A New York state bill aimed at banning law enforcement use of geofence warrants (or reverse location warrants) and keyword search warrants is gaining traction among lawmakers. If passed, the bill would prohibit law enforcement from ‘obtaining residents private user data’ from Big Tech.

To conduct a ‘reverse location’ warrant, law enforcement asks a judge to request that Google, for example, provide law enforcement with records on phones were within a geographical radius at a certain time. According to TechCrunch, this capability for law enforcement is only possible through Google, which collects and stores billions of location data points from its users in order to provide services and to advertise. This practice generates the mega corporation $150 billion in revenue.

This collaboration between Google and law enforcement may be coming to an end with the progression of The Reverse Location Search Prohibition Act. In 2021, it was reintroduced before New York Assembly and Senate by Democratic lawmakers. Previously, the bill failed to pass but in mid-January 2022 it was referred to committee, which is a significant step toward it being considered for a Senate vote.

If passed, the bill would be the first US state legislation that prohibits geofence and keyword search warrants. According to the report, in 2020, ‘Google processed more than 11,500 geofence warrants.’ The state of New York is responsible for 2-3% of all US geofence warrants.

Facebook patents mechanical eye for metaverse

Social media giant Facebook is spending billions of dollars getting many of its users to participate in the virtual reality metaverse. Recently, Facebook patented its ‘Mechanical Eyeball 100’ - a robotic eye that is designed to resemble a human eye, and its accompanying design descriptions are rather complex.

The eye consists of ‘two rotational axes that intersect at a center point,’ and parts of the mechanical eye closely mimic the sclera, retina, cornea, pupil and iris. So not only is the eye designed to look authentic to the user, it also functions similarly to the human eye.

The new technology contains sensors to help it see, and it can also be trained to make improvements through machine learning. According to the report, this is likely done through the tracking of eye movement through data gathered from human users using a CAPTCHA test. Furthermore, the mechanical eye can serve a variety of purposes and can be used to track human eye movements itself.

However, incorporating human features into robot technology is not a new initiative for Meta. The company announced in November 2021 that it had partnered with Carnegie Mellon University to create ‘lightweight, tactile-sensing robot skin.’

The Mechanical Eyeball 100 and synthetic skin creations are part of Meta’s AI division experimentation which became publicized in 2019.

Reining in police use of biometrics and facial recognition

Police in New York may see their use of facial biometrics and similar technology significantly limited by three proposals that will be presented before the state legislature. New York Assembly Bill 5492 proposes the elimination of biometric surveillance as well as the use of data biometrics from third party surveillance systems.

Additionally, S5492 would prohibit law enforcement and any police officer from ‘acquiring, possessing, accessing, installing, activating, or using any biometric surveillance system including facial recognition.’

Senator Brad Hoylman introduced an almost identical bill within the Senate,
S79, which would prohibit the use of facial biometrics on police body cameras. The bill also seeks to establish a task force to regulate biometric surveillance ‘and provides for the expiration and repeal of certain provisions.’

Each of the three proposals are now before committees including the Assembly Governmental Operations Committee, Senate Finance Committee and the Senate Internet and Technology Committee.

FCC proposes new regulations for cell phone companies

The Federal Communication Commission (FCC) is proposing new regulations for cell phone companies. The proposal comes from FCC chairwoman Jessica Rosenworcel and would require companies to notify customers and government if a data breach occurs. According to an FCC press release, the proposed regulations are in response to the ‘evolving nature of data breaches’ and the threats posed to customers.

The proposal includes several updates to the current FCC guidelines as it relates to telecommunications carriers or cell phone providers. If passed, it would eliminate the FCCs seven-business-day mandatory waiting period for notifying customers of a data breach, which would also apply to inadvertent breaches. In addition, the proposal would require companies to notify not only the FCC but also the FBI and the US Secret Services of any data breach.

The proposal comes at a time when T-Mobile experienced a recent data breach which exposed some customers’ Customer Proprietary Network Information (CPNI), and which was preceded by a much larger data breach in early 2021 that affected more than 50 million users. According to The Verge, under the new proposed FCC regulations, T-Mobile would have been under stricter guidelines on how and when to notify customers of the breach.

It remains unclear when the new FCC proposal would come into effect for cell phone companies or if the new proposal will even pass. The FCC is currently in a deadlock with Democratic and Republican members.

That concludes Your Worldwide INTERNET REPORT for this week! 

Remember to SUBSCRIBE and spread the word about this amazing news service.

This issue of Your Worldwide INTERNET REPORT was written by Taylor Hudak; Edited by Suzie Dawson and Sean O’Brien; Graphics by Kimber Maddox; with production support by David Sutton.

Talk Liberation - Your Worldwide INTERNET REPORT was brought to you by Panquake.com. We Don’t Hope, We Build! 

© Talk Liberation Limited. The original content of this article is licensed under a Creative Commons Attribution-ShareAlike 4.0 International license. Please attribute copies of this work to “Talk Liberation” or talkliberation.com. Some of the work(s) that this program incorporates may be separately licensed. For further information or additional permissions, contact licensing@talkliberation.com