Privacy News Online Week in Review (May 15th, 2020)
Privacy News Online provides a “Week in Review” with privacy news summaries from around the world. Keep up to date with what has happened in the online privacy world over the last week here.
Featured: Privacy News Online – Week of May 15th
Hungary suspends parts of the GDPR as part of their COVID-19 response
Hungarian authorities no longer need to abide by some GDPR privacy and data protections thanks to new measures decreed by the Hungarian Prime Minister – who has complete control over the country thanks to a “state of emergency” declared then extended indefinitely in response to the COVID-19 pandemic. Activists including the Hungarian chapter of Amnesty International as well as the human rights chief of the Council of Europe have spoken out against the endless state of emergency. Under the new measures, Hungarian authorities no longer need to notify citizens that their private information is being used and stored nor do they need to provide a way to request erasure of such data – core components of the GDPR.
The UK’s centralized contact tracing app is a lesson in how not to protect privacy
Countries around the world are working to implement decentralized, privacy protecting contact tracing apps utilizing a contact tracing API developed by Apple and Google – a key component of which is decentralization. In sharp contrast, the United Kingdom has rejected the advice of privacy experts and wants to keep a centralized database of all anti-COVID-19 contact tracing activities from their planned app. Namely, they won’t let people’s information be deleted after it’s uploaded and will allow the data to be accessed for “research purposes.” Avoiding this privacy nightmare is exactly the reason why other countries are opting for a decentralized approach and even the head of the NHSX has admitted that UK’s contact tracing plans aren’t optimized for privacy.
Does California’s Privacy and Consumer Protection Committee protect privacy?
Based on its name, you’d expect the California Privacy and Consumer Protection Committee to try to protect privacy and consumer rights, right? Well the committee’s recent actions beg to differ. The Committee recently voted 8-3 in favor of a facial recognition technology bill that has faced a lot of opposition from organizations such as the ACLU – even a law enforcement group opposes the bill. However, the bill only has one supporter: Microsoft. While advancing the use of anti-privacy facial recognition technology, The committee has also refused to grant hearings to other online privacy bills this session, which makes us question: does the privacy and consumer protection committee actually care about privacy?
More Privacy News This Week:
A deep dive into how WeChat censorship works by The Citizen Lab
WeChat is the most popular messaging app in the world with over 1.165 billion users according to Statista – not all of them within the heavily censored borders of China. It’s long been known that WeChat heavily censors messaging for Chinese citizens – deleting images and memes before they’re sent, filtering our keywords, and giving up offenders to the government. Now a new research report by The Citizen Lab reveals that the surveillance also extends to non China-based users of the app. In fact, WeChat uses the contents of non-China based users to train their censorship algorithms for China-based users. The fact that WeChat, which is run by Chinese company Tencent, does this is not stated in their public policies – and was only recently discovered and proven by The Citizen Lab in this report titled: “We Chat, They Watch.”
Spy software companies are pitching their services to governments to help fight COVID-19
When governments need to access a smartphone or track a dissident, they utilize the services and software of companies like NSO Group and Cellebrite. These are the same companies that had their software used to track journalists such as Khashoggi whom then met a grizzly end at the hands of the governments he wrote against. Reuters reports that these companies are offering their services to governments around the world, capitalizing on the fear of COVID-19. As part of pitch emails seen by Reuters, these companies are offering the ability to “quarantine the right people.” The pitch is to utilize the spyware to access phones of infected individuals so that the government can know who the infected individual has been in contact in in the past and to quarantine said people… what could go wrong? Israel has contracted NSO Group’s services as part of their strongly anti privacy COVID-19 response.
There are many hurdles to contact tracing app adoption – and 60% adoption is needed to be effective
The NY Times took a look at the adoption rates of different contact tracing apps and discovered that the level of privacy invasion correlates with the level of adoption. As an example, North Dakota released a COVID-19 contact tracing app that is centralized and based on location data tracking – and has only seen 3% of its population use it. In contrast, Singapore was one of the first countries to utilize an opt-in LE bluetooth tracking method which has since been adopted as a standard for privacy preserving contact tracing apps and their adoption rate is closer to 20%. Norway also has a centralized model, but has seen 30% adoption. India has seen a 5.5% adoption rate of their mandatory contact tracing app. A study from Oxford University suggests that a 60% adoption rate is what is needed to contain the virus.
Zoom buys Keybase for end-to-end encryption expertise
Keybase is a popular encrypted chat, online collaboration, and file sharing tool that was recently acquired by Zoom for an unreleased price. Zoom has faced lots of security and privacy issues in the past and has recently committed to cleaning up their act. Now it seems that part of this commitment is shoring up encryption expertise by buying out a company that has long been recognized as doing encryption right – and not overmarketing their encryption powers. Many Keybase users are not happy with the acquisition and are seeking to move to other platforms. Keybase co-founder Max Krohn will join Zoom to head its security team.
Brought to you by Private Internet Access
This Privacy News Online week in review was brought to you by Private Internet Access. Don’t forget: Always Use Protection.
Need a VPN? Sign up now.