Weekly Surveillance and Privacy News

Table of Contents

1. Introduction
2. Clearview AI and Facial Recognition
3. Companies and their Relations with China
4. Browser News
5. Healthcare Companies and Data Breaches
6. Samsung and Disney
7. Cybersecurity News
8. Politics and Surveillance Programs
9. Positive News in the US
10. Misfits

Clearview AI and Facial Recognition

Clearview AI, a facial recognition company, has been in the news recently for scraping images of users on social media. Canada has expressed concern with Clearview and is planning an investigation on law enforcement to see if it complies with their privacy laws. Clearview AI had their entire client list stolen, which revealed hundreds of different law enforcement agencies including the DOJ, FBI, ICE, and Macy's. The intruder who gained access also knows how many accounts each organization is set up as well as the number of searches they've conducted. Apple has found Clearview to violate their privacy policies and has disabled the app and shut down the developer account.

Companies and their Relations with China

Apple and TikTok both declined a request to testify at a March congressional hearing which would probe their relationships with China. The TSA has decided to ban TikTok, adding it to the list of US agencies banning the app. The EFF and 10:10, other human rights organizations, are spanning against Apple and their restrictive control over what apps users can download which enables them to implement content restrictions on the App Store in China. They're fighting Apple's decision to move iCloud backups and encryption keys to within China.

Browser News

Firefox has made their encrypted DNS feature available to standard Firefox for US users. Brave also got a nifty new feature that will retrieve old versions of websites that no longer exist to prevent 404 errors online using the Wayback Machine. Brave hits some headlines for being "the most private browser" according to a study. However, the headline is pretty misleading as all the study looks at is the calls to home of the major six browsers by default.

Healthcare Companies and Data Breaches

Pacific Guardian life insurance in Hawaii got hit by a data breach. Munson Healthcare also had a breach of employee email accounts.

Samsung and Disney

Despite Samsung promising last week that the weird 1:1 notification was harmless, it turns out it wasn't. Some users were able to access the personal data of other users. Disney wants to bring facial recognition and AI to determine how much their audiences enjoy different parts of movies.

Cybersecurity News

Let's Encrypt issued their six billionth certificate. Microsoft has brought their Defender antivirus for Linux which is supported on distros like Ubuntu, CentOS, Debian, and more. A new malware strain can extract and steal OTP codes generated in Google Authenticator thanks to the Trojan Service. Major vulnerabilities in the top three VPNs in the Google Playstore allowed man-in-the-middle attacks that intercept communications between the user and VPN provider. The Tri Foam Art vacuum has multiple security vulnerabilities which grant hackers access to the cameras.

Politics and Surveillance Programs

The New York Times found that an NSA agency system that analyzed lives of Americans' domestic phone calls and text messages yielded only a single significant investigation for only a total of two that generated information the FBI didn't already possess. House Democrats are working on a draft bill to amend the Patriot Act and limit the NSA's authority over the call details Record program. An unnamed natural gas facility was forced to shut down operations for two days because of a ransomware attack. Over in Alabama, a bill has found its way through legislature that could make it mandatory for healthcare providers to put your personal information into a statewide vaccine database through a company. EU police are planning a pan-European network of facial recognition databases.

Positive News in the US

A subcommittee is seeking information about Ring's relationships with police and local governments to hopefully see if this is even lawful. The FCC is set to fine four major mobile phone companies at least 200 million dollars for the recent Consumer real-time location data disclosures that were happening. The NYPD has announced it will remove some non-convicts from its local DNA database, which will remove thousands of profiles.

Misfits

Ten schools across the US are looking at installing location tracking company Inpixon's radio frequency scanners which pick up Wi-Fi and Bluetooth signals from students' phones and track them with accuracy down to about one meter. Shark Tank host Barbara lost almost $400,000 in an email phishing scam that tricked her staff.

Article

It's Friday, and as always, we're going to start with companies. The biggest news this past week has almost hands-down been about Clearview AI, which is a facial recognition company that's been scraping images of users on social media. Canada has expressed concern with Clearview and is planning an investigation on law enforcement to see if it complies with their privacy laws. Luckily, we all got a partial answer without their help since Clearview AI had their entire client list stolen, which revealed hundreds of different law enforcement agencies including the DOJ, FBI, ICE, and Macy's. The intruder who gained access also knows how many accounts each organization is set up as well as the number of searches they've conducted. The reporters were able to download their android apk without a login because of a misconfigured cloud server, and they were able to get pretty much as much information as You can get without needing an account. Little things like what analytics it uses, it doesn't allow screenshotting, a link to augmented reality glasses, and it includes scripts from Google for scanning driver's licenses as well as other things. On the Apple side of things, Apple has found Clearview to violate their privacy policies and has disabled the app and shut down the developer account.

Moving on to companies and their relations with China, Apple and TikTok both declined a request to testify at a March congressional hearing which would probe their relationships with China. The TSA has decided to ban TikTok, adding it to the list of US agencies banning the app. The EFF and 10:10, other human rights organizations, are spanning against Apple and their restrictive control over what apps users can download which enables them to implement content restrictions on the App Store in China. They're fighting Apple's decision to move iCloud backups and encryption keys to within China.

In browser news, Firefox has made their encrypted DNS feature available to standard Firefox for US users. Brave also got a nifty new feature that will retrieve old versions of websites that no longer exist to prevent 404 errors online using the Wayback Machine. Brave hits some headlines for being "the most private browser" according to a study. However, the headline is pretty misleading as all the study looks at is the calls to home of the major six browsers by default.

Healthcare companies also got hit this week. Pacific Guardian life insurance in Hawaii got hit by a data breach. Munson Healthcare also had a breach of employee email accounts.

Despite Samsung promising last week that the weird 1:1 notification was harmless, it turns out it wasn't. Some users were able to access the personal data of other users. Disney wants to bring facial recognition and AI to determine how much their audiences enjoy different parts of movies.

In cybersecurity news, Let's Encrypt issued their six billionth certificate. Microsoft has brought their Defender antivirus for Linux which is supported on distros like Ubuntu, CentOS, Debian, and more. A new malware strain can extract and steal OTP codes generated in Google Authenticator thanks to the Trojan Service. Major vulnerabilities in the top three VPNs in the Google Playstore allowed man-in-the-middle attacks that intercept communications between the user and VPN provider. The Tri Foam Art vacuum has multiple security vulnerabilities which grant hackers access to the cameras.

Politics and surveillance programs are definitely on the move this week. The New York Times found that an NSA agency system that analyzed lives of Americans' domestic phone calls and text messages yielded only a single significant investigation for only a total of two that generated information the FBI didn't already possess. House Democrats are working on a draft bill to amend the Patriot Act and limit the NSA's authority over the call details record program. An unnamed natural gas facility was forced to shut down operations for two days because of a ransomware attack. Over in Alabama, a bill has found its way through legislature that could make it mandatory for healthcare providers to put your personal information into a statewide vaccine database through a company. EU police are planning a pan-European network of facial recognition databases.

There was quite a bit of positive news in the US this week. A subcommittee is seeking information about Ring's relationships with police and local governments to hopefully see if this is even lawful. The FCC is set to fine four major mobile phone companies at least 200 million dollars for the recent Consumer real-time location data disclosures that were happening. The NYPD has announced it will remove some non-convicts from its local DNA database, which will remove thousands of profiles.

Finally, in the misfits category, ten schools across the US are looking at installing location tracking company Inpixon's radio frequency scanners which pick up Wi-Fi and Bluetooth signals from students' phones and track them with accuracy down to about one meter. Shark Tank host Barbara lost almost $400,000 in an email phishing scam that tricked her staff.

Highlights

• Clearview AI had their entire client list stolen, which revealed hundreds of different law enforcement agencies including the DOJ, FBI, ICE, and Macy's.
• Apple and TikTok both declined a request to testify at a March congressional hearing which would probe their relationships with China.
• Firefox has made their encrypted DNS feature available to standard Firefox for US users.
• Let's Encrypt issued their six billionth certificate.
• The New York Times found that an NSA agency system that analyzed lives of Americans' domestic phone calls and text messages yielded only a single significant investigation for only a total of two that generated information the FBI didn't already possess.
• A subcommittee is seeking information about Ring's relationships with police and local governments to hopefully see if this is even lawful.

FAQ

Q: What is Clearview AI? A: Clearview AI is a facial recognition company that has been scraping images of users on social media.

Q: What did the stolen client list from Clearview AI reveal? A: The stolen client list revealed hundreds of different law enforcement agencies including the DOJ, FBI, ICE, and Macy's.

Q: What did Apple do in response to Clearview AI? A: Apple found Clearview to violate their privacy policies and has disabled the app and shut down the developer account.

Q: What did Firefox do in their latest update? A: Firefox made their encrypted DNS feature available to standard Firefox for US users.

Q: What did Let's Encrypt do recently? A: Let's Encrypt issued their six billionth certificate.

Q: What did a subcommittee Seek information about? A: A subcommittee is seeking information about Ring's relationships with police and local governments to hopefully see if this is even lawful.