Content Type: Examples
Sonos, which makes connected home sound systems, has told its customers that they will not be able to opt out of a new privacy policy launched in August 2017 that allows the company to begin collecting audio settings, errors, and other account data. Customers can opt out of sending some types of personal information, but not functional data such as email addresses, IP addresses, account login information, and information about the rooms, devices, wifi antennas, and other hardware the system…
Content Type: Examples
Owners of the Hong Kong-based sex toy company Lovense's vibrators who installed the company's remote control app were surprised to discover that the app was recording user sessions without their knowledge. They had authorised the app to use the phone's built-in microphone and camera, but only for use within the app's built-in chat function and to send voice clips on command. Lovense says that no data was sent to its servers, and that the audio files users have found stored on their phones are…
Content Type: Examples
On September 11, 2017, while Florida residents were evacuating during the approach of Hurricane Irma, Tesla rolled out a real-time software update that increased the battery capacity of some of its Model S sedans and Model X SUVs. The update extended the vehicles' range, enabling drivers to travel further on a single charge, and was rolled out in response to requests for help from customers stuck in traffic while trying to evacuate. Tesla said the increase was temporary, and would be reversed…
Content Type: Examples
The UK consumer watchdog Which? has called on retailers to stop selling popular connected toys it says have proven security issues. These include Hasbro's Furby Connect, Vivid Imagination's I-Que robot, and Spiral Toys' Cloudpets and Toy-fi Teddy. In its report, Which? found that these toys do not require authentication to link to other devices via Bluetooth, meaning that any device within range could connect to the toys and take control of them or send messages. Spiral Toys did not comment.…
Content Type: Examples
The UK Information Commissioner's Office has published policy guidelines for big data, artificial intelligence, machine learning and their interaction with data protection law. Applying data protection principles becomes more complex when using these techniques. The volume of data, the ways it's generated, the complexity of the way it's processed, the new uses found for it, and the potential for unexpected consequences to individuals are all among the challenges the ICO considers. The report…
Content Type: Examples
A mistake in Facebook's machine translation service led to the arrest and questioning of a Palestinian man by Israeli police. The man, a construction worker on the West Bank, posted a picture of himself leaning against a bulldozer like those that have been used in hit-and-run terrorist attacks, with a caption that correctly translates to "good morning". Facebook's AI translated it into "hurt them" in English or "attack them" in Hebrew. Based on that, police officers arrested him later that day…
Content Type: Examples
A 2017 Freedom House survey of 65 countries found that 30 of them were using armies of "opinion-shapers" to manipulate elections, advance anti-democratic agendas, and repress their citizens. Although most of these countries direct these efforts to manipulate opinion domestically, the report finds that manipulation and disinformation played a role in elections in at least 17 other countries, including the US presidential election and the UK's EU referendum. The number of…
Content Type: Examples
An investigation by the Irish Data Protection Commissioner has led Eir, a telecommunications company, to replace almost 20,000 modems supplied to customers with basic broadband packages without access to fibre services. The action follows an incident in 2016 in which nearly 2,000 customer routers were breached. At the time, Eir contacted about 130,000 of its broadband customers whose routers were believed to be vulnerable to infection by a virus that could enable the routers to be hacked. Eir…
Content Type: Examples
A paper by Michael Veale (UCL) and Reuben Binns (Oxford), "Fairer Machine Learning in the Real World: Mitigating Discrimination Without Collecting Sensitive Data", proposes three potential approaches to deal with hidden bias and unfairness in algorithmic machine learning systems. Often, the cause is biases in the historical data used to train these systems. In the first approach, trusted third parties selectively store the data needed to audit systems and discover discrimination and incorporate…
Content Type: Examples
In the remote western city Xinjiang, the Chinese government is using new technology and humans to monitor every aspect of citizens' lives. China, which has gradually increased restrictions in the region over the last ten years in response to unrest and violent attacks, blames the need for these measures on the region's 9 million Uighurs. This Muslim ethnic minority make up nearly half of the region's population, and the government accuses them of forming separatist groups and fuelling…
Content Type: Examples
Cracked Labs examines the impact on individuals, groups, and wider society of the corporate use of personal information as it feeds into automated decision-making, personalisation, and data-driven manipulation. On the web, companies track us via hidden software that collects information about the sites we use, our navigation patterns, and even our keystrokes, mouse movements, and scrolling activity and transmits it to hundreds of third-party companies. Similarly, smartphones send a flow of…
Content Type: Examples
The Dutch data protection authority has found that Microsoft's Windows 10 operating system breaches Dutch law by processing personal data of the system's users without informing them clearly about what type of data the company uses and for what purpose. In addition, users cannot give valid consent because the company does not clearly inform them that under the default settings it collects personal usage data through its Edge web browser. The result is to rob users of control over both their…
Content Type: Examples
Privacy and child advocacy groups in the US, Denmark, Belgium, the Netherlands, Sweden, Germany, and the UK are filing complaints with regulators after a study by the Norwegian Consumer Council found critical security flaws and missing privacy protection in children's smartwatches. The watches, which are functionally essentially wearable smartphones, are intended to help parents keep an eye on their children. However, the NCC's research found that they can be easily taken over by strangers and…
Content Type: Examples
In 2017, after protests from children's health and privacy advocates, Mattel cancelled its planned child-focused "Aristotle" smart hub. Aristotle was designed to adapt to and learn about the child as they grew while controlling devices from night lights to homework aids. However, Aristotle was only one of many tech devices being released onto the market to take over functions that have traditionally been part of the intimate relationship between children and their parents: a smart cradle that…
Content Type: Examples
A report from the University of Washington studies parents' and children's interactions with general-purpose connected devices and connected toys. There are numerous privacy issues: toy companies may collect masses of children's intimate data; the toys may enable parents to spy on their children, and criminals hacking these systems may be able to identify and locate the children. For example, the 2015 cyber attack on VTech, a children's tablet maker, exposed the personal data of 5 million…
Content Type: Examples
In 2016, researchers at the University of Birmingham and the German engineering firm Kasper & Oswald discovered two vulnerabilities in the keyless entry systems affecting practically every car Volkswagen Group had sold since 1995, estimated at 100 million vehicles. Two separate attacks use cheap, readily available radio hardware to intercept signals from a car owner's key fob and use them to clone the key. A hardware radio is not needed; the researchers were able to perform the attacks…
Content Type: Examples
A pregnancy-tracking app collected basic information such as name, address, age, and date of last period from its users. A woman who miscarried found that although she had entered the miscarriage into the app to terminate its tracking, the information was not passed along to the marketers to which the app's developer had sold it. A few weeks before her original due date, a package was delivered to her home including a note of congratulations and a box of baby formula. Although the baby had died…
Content Type: Examples
In the wake of Tesla’s first recorded autopilot crash, automakers are reassessing the risk involved with rushing semi-autonomous driving technology into the hands of distractible drivers. But another aspect of autopilot—its ability to hoover up huge amounts of mapping and “fleet learning” data—is also accelerating the auto industry’s rush to add new sensors to showroom-bound vehicles. This may surprise some users: Tesla’s Terms of Use (TOU) does not explicitly state that the company will…
Content Type: Examples
At the 2016 Usenix Workshop on Offensive Technologies, researchers from the University of Michigan presented the results of tests that showed that industrial vehicles - a 2006 semi-trailer and a 2001 school bus - were subject to the same security flaws as had already been found in domestic cars. Via digital signals sent within a big truck's internal network, the researchers were able to change the truck's instrument panel readout, trigger unintended acceleration, and even disable part of the…
Content Type: Examples
In 2013, in collaboration with the Illinois Institute of Technology, the Chicago Police Department set up the Strategic Subjects List, an effort to identify the most likely victims and perpetrators of gun violence. In 2016, a report published by the RAND Corporation found that the project, which had been criticised by both the American Civil Liberties Union and the Electronic Frontier Foundation, simply did not work in the sense of directing social services to those who needed them or keep…
Content Type: Examples
The light surrounding you this very second may be used to expose how much money you make, where you live, when you're home, and much more. That's the big takeaway from
A 2016 analysis of ambient light sensors by London-based security and privacy consultant and University College London researcher Lukasz Olejnik warns that light readings convey rich and sensitive data about users. Light sensors' primary use is to adjust screen brightness to the user's surroundings. However, when…
Content Type: Examples
In May 2014 the Polish Ministry of Labor and Social Policy (MLSP) introduced a scoring system to distribute unemployment assistance. Citizens are divided into three categories by their “readiness” to work, the place they live, disabilities and other data. Assignment to a given category determines the type of labor market programs that a particular person can receive from the local labor offices (e.g. job placement, vocational training, apprenticeship, activation allowance). The Panoptykon…
Content Type: Examples
A 2016 report, "The Perpetual Lineup", from the Center for Privacy and Technology at Georgetown University's law school based on records from dozens of US police departments found that African-Americans are more likely to have their images captured, analysed, and reviewed during computerised searches for crime suspects than members of other races. Because African-Americans are more likely to be arrested and have their mug shots taken, and because police criminal databases are rarely updated to…
Content Type: Examples
In 2016 reports surfaced that bricks-and-mortar retailers were beginning to adopt physical-world analogues to the tracking techniques long used by their online counterparts. In a report, Computer Sciences Corporation claimed that about 30% of retailers were tracking customers in-store via facial recognition and cameras such as Intel's RealSense cameras, which can analyse facial expressions and identify the clothing brands a customer is wearing. Intel noted that the purpose was to build general…
Content Type: Examples
The "couples vibrator" We-Vibe 4 Plus is controlled via a smartphone app connected to the device via Bluetooth. In 2016, researchers revealed at Defcon that the device uses its internet connectivity to send information back to its manufacturer including the device's temperature, measured every minute, and vibration level, whenever a user changes it. Based on that information, the manufacturer, Standard Innovations Corporation, can work out deeply intimate information about device users. The…
Content Type: Examples
Caucuses, which are used in some US states as a method of voting in presidential primaries, rely on voters indicating their support for a particular candidate by travelling to the caucus location. In a 2016 Marketplace radio interview, Tom Phillips, the CEO of Dstillery, a big data intelligence company, said that his company had collected mobile device IDs at the location for each of the political party caucuses during the Iowa primaries. Dstillery paired caucus-goers with their online…
Content Type: Examples
In what proved to be the first of several years of scandals over the use of personal data in illegal, anti-democratic campaigning, in 2015 the Guardian discovered that Ted Cruz's campaign for the US presidency paid at least $750,000 that year to use tens of millions of profiles of Facebook users gathered without their permission by Cambridge Analytica, owned by London-based Strategic Communications Laboratories. Financially supported by leading Republican donor Robert Mercer, CA amassed these…
Content Type: Examples
In 2016, security expert Ken Munro discovered security bugs in the onboard wifi in Mitsubishi's Outlander hybrid car that could be exploited to turn off the car's alarm. Some aspects of the Outlander can be controlled by a smartphone app that talks to the car via the onboard wifi. Security flaws in the way the wifi is set up include using a distinctive format for the cars' access points, enabling outsiders to track these cars. Munro also found the car was vulnerable to replay attacks; he was…
Content Type: Examples
In a presentation given at the Knowledge Discovery and Data Mining conference in 2016, researchers discussed a method of using the data generated by smart card public transport tickets to catch pickpockets. In a study of 6 million passenger movements in Beijing, the researchers used a classifier to pick out anomalous journeys - sudden variations in the patterns of ordinary travellers or routes that made no sense. A second classifier primed with information derived from police reports and social…
Content Type: Examples
In 2015, a newly launched image recognition function built into Yahoo's Flickr image hosting site automatically tagged images of black people with tags such as "ape" and "animal", and also tagged images of concentration camps with "sport" or "jungle gym". The company responded to user complaints by removing some of the tags from the software's lexicon and noted that the algorithm would learn and improve when users deleted inappropriate tags. The auto-tagging system had already attracted many…