jm + data-privacy   15

The Australian Bureau of Statistics Tracked People By Their Mobile Device Data.
The ABS claims population estimates have a “major data gap” and so they’ve been a busy bee figuring out a way to track crowd movement. Their solution? Mobile device user data. “…with its near-complete coverage of the population, mobile device data is now seen as a feasible way to estimate temporary populations,” states a 2017 conference extract for a talk by ABS Demographer Andrew Howe.

While the “Estimated Resident Population” (ERP) is Australia’s official population measure, the ABS felt the pre-existing data wasn’t ‘granular’ enough. What the ABS really wanted to know was where you’re moving, hour by hour, through the CBD, educational hubs, tourist areas. Howe’s ABS pilot study of mobile device user data creates population estimates with the help of a trial engagement with an unnamed telco company. The data includes age and sex breakdowns. The study ran between the 18th April to 1st May 2016. [....]

Electronic Frontiers Australia board member Justin Warren also pointed out that while there are beneficial uses for this kind of information, “…the ABS should be treading much more carefully than it is. The ABS damaged its reputation with its bungled management of the 2016 Census, and with its failure to properly consult with civil society about its decision to retain names and addresses. Now we discover that the ABS is running secret tracking experiments on the population?”

“Even if the ABS’ motives are benign, this behaviour — making ethically dubious decisions without consulting the public it is experimenting on — continues to damage the once stellar reputation of the ABS.”

“This kind of population tracking has a dark history. During World War II, the US Census Bureau used this kind of tracking information to round up Japanese-Americans for internment. Census data was used extensively by Nazi Germany to target specific groups of people. The ABS should be acutely aware of these historical abuses, and the current tensions within society that mirror those earlier, dark days all too closely.”
abs  australia  tracking  location-data  privacy  data-privacy  mobile 
yesterday by jm
Use the GDPR to find who has advertised to you on Facebook, and get them to delete your details
Sometimes you get ads on Facebook and you are just not interested in what they’re selling. This is a way to find out who has uploaded your email address into facebook to target ads at you, and then- if you’re in the EU- how to use the new General Data Protection Regulation to get those advertisers to delete you from their system.


Totally going to do this. roll on May 25
gdpr  facebook  privacy  ads  data-privacy  eu 
2 days ago by jm
Palantir Knows Everything About You
This is so fucking dystopian:
Operation Laser has made L.A. cops more surgical — and, according to community activists, unrelenting. Once targets are enmeshed in a [Palantir] spidergram, they’re stuck.

Manuel Rios, 22, lives in the back of his grandmother’s house at the top of a hill in East L.A., in the heart of the city’s gang area. [...] He grew up surrounded by friends who joined Eastside 18, the local affiliate of the 18th Street gang, one of the largest criminal syndicates in Southern California. Rios says he was never “jumped in”—initiated into 18. He spent years addicted to crystal meth and was once arrested for possession of a handgun and sentenced to probation. But except for a stint in county jail for a burglary arrest inside a city rec center, he’s avoided further trouble and says he kicked his meth habit last year.

In 2016, Rios was sitting in a parked car with an Eastside 18 friend when a police car pulled up. His buddy ran, pursued by the cops, but Rios stayed put. “Why should I run? I’m not a gang member,” he says over steak and eggs at the IHOP near his home. The police returned and handcuffed him. One of them took his picture with a cellphone. “Welcome to the gang database!” the officer said.

Since then he’s been stopped more than a dozen times, he says, and told that if he doesn’t like it he should move. He has nowhere to go. His girlfriend just had a baby girl, and he wants to be around for them. “They say you’re in the system, you can’t lie to us,” he says. “I tell them, ‘How can I be in the hood if I haven’t got jumped in? Can’t you guys tell people who bang and who don’t?’ They go by their facts, not the real facts.”

The police, on autopilot with Palantir, are driving Rios toward his gang friends, not away from them, worries Mariella Saba, a neighbor and community organizer who helped him get off meth. When whole communities like East L.A. are algorithmically scraped for pre-crime suspects, data is destiny, says Saba. “These are systemic processes. When people are constantly harassed in a gang context, it pushes them to join. They internalize being told they’re bad.”
palantir  surveillance  privacy  precrime  spidergrams  future  la  gangs  justice  algorithms  data-protection  data-privacy  policing  harrassment 
5 days ago by jm
A flaw-by-flaw guide to Facebook’s new GDPR privacy changes | TechCrunch
Overall, it seems like Facebook is complying with the letter of GDPR law, but with questionable spirit. Sure, privacy is boring to a lot of people. Too little info and they feel confused and scared. Too many choices and screens and they feel overwhelmed and annoyed. Facebook struck the right balance in some places here. But the subtly pushy designs seem intended to steer people away from changing their defaults in ways that could hamper Facebook’s mission and business.
gdpr  design  facebook  privacy  data-protection  data-privacy  social-networking  eu  law 
7 days ago by jm
London police’s use of AFR facial recognition falls flat on its face
A “top-of-the-line” automated facial recognition (AFR) system trialled for the second year in a row at London’s Notting Hill Carnival couldn’t even tell the difference between a young woman and a balding man, according to a rights group worker invited to view it in action. Because yes, of course they did it again: London’s Met police used controversial, inaccurate, largely unregulated automated facial recognition (AFR) technology to spot troublemakers. And once again, it did more harm than good.

Last year, it proved useless. This year, it proved worse than useless: it blew up in their faces, with 35 false matches and one wrongful arrest of somebody erroneously tagged as being wanted on a warrant for a rioting offense.

[...] During a recent, scathing US House oversight committee hearing on the FBI’s use of the technology, it emerged that 80% of the people in the FBI database don’t have any sort of arrest record. Yet the system’s recognition algorithm inaccurately identifies them during criminal searches 15% of the time, with black women most often being misidentified.
face-recognition  afr  london  notting-hill-carnival  police  liberty  met-police  privacy  data-privacy  algorithms 
september 2017 by jm
'Let’s all survive the GDPR'
Simon McGarr and John Looney's slides from their SRECon '17 presentation
simon-mcgarr  data-privacy  privacy  data-protection  gdpr  slides  presentations 
september 2017 by jm
Australian Doctor on Twitter: "Outcry as MyHealthRecord default privacy setting left open to universal access"
Funnily enough, this is exactly what Ross Anderson warned about 10 years ago re patient record digitisation in the UK.

'Occupational therapists working for an employer, doctors working for insurance companies, a dietitian, an optometrist or a dentist or their staff can view the [patient] record and see if individuals have a sexually transmitted disease, a mental illness, have had an abortion or are using Viagra.'
privacy  heaith  australia  myhealthrecord  data-protection  data-privacy  healthcare  medicine 
april 2017 by jm
Research Blog: Federated Learning: Collaborative Machine Learning without Centralized Training Data
Great stuff from Google - this is really nifty stuff for large-scale privacy-preserving machine learning usage:

It works like this: your device downloads the current model, improves it by learning from data on your phone, and then summarizes the changes as a small focused update. Only this update to the model is sent to the cloud, using encrypted communication, where it is immediately averaged with other user updates to improve the shared model. All the training data remains on your device, and no individual updates are stored in the cloud.

Federated Learning allows for smarter models, lower latency, and less power consumption, all while ensuring privacy. And this approach has another immediate benefit: in addition to providing an update to the shared model, the improved model on your phone can also be used immediately, powering experiences personalized by the way you use your phone.

Papers:
https://arxiv.org/pdf/1602.05629.pdf , https://arxiv.org/pdf/1610.05492.pdf
google  ml  machine-learning  training  federated-learning  gboard  models  privacy  data-privacy  data-protection 
april 2017 by jm
Self-driving cars: overlooking data privacy is a car crash waiting to happen
Interesting point -- self-driving cars are likely to be awash in telemetry data, "phoned home"
self-driving  cars  vehicles  law  data  privacy  data-privacy  surveillance 
july 2016 by jm
Amazon Echo security fail
Ughhhh.
Amazon Echo sends your WiFi password to Amazon. No option to disable. Trust us it's in an "encrypted file"
amazon  echo  wifi  passwords  security  data-privacy  data-protection 
january 2016 by jm
WePromise.EU
'The European election will take place between 22 and 25 May 2014. Citizens, promise to vote for candidates that have signed a 10-point charter of digital rights! Show candidates that they need to earn your vote by signing our charter!'
europarl  ep  digital-rights  rights  ireland  eu  data-privacy  data-protection  privacy 
march 2014 by jm
Big doubts on big data: Why I won't be sharing my medical data with anyone - yet
These problems can be circumvented, but they must be dealt with, publically and soberly, if the NHS really does want to win public confidence. The NHS should approach selling the scheme to the public as if was opt-in, not opt-out, then work to convince us to join it. Tell us how sharing our data can help, but tell us what risk too. Let us decide if that balance is worth it. If it's found wanting, the NHS must go back to the drawing board and retool the scheme until it is. It's just too important to get wrong.
nhs  uk  privacy  data-protection  data-privacy  via:mynosql  big-data  healthcare  insurance 
february 2014 by jm
UK NHS will soon require GPs pass confidential medical data to third parties
Specifically, unanonymised, confidential, patient-identifying data, for purposes of "admin, healthcare planning, and research", to be held indefinitely, via the HSCIC. Opt-outs may be requested, however
opt-out  privacy  medical  data  healthcare  nhs  uk  data-privacy  data-protection 
january 2014 by jm
Experian Sold Consumer Data to ID Theft Service
This is what happens when you don't have strong controls on data protection/data privacy -- the US experience.
While [posing as a US-based private investigator] may have gotten the [Vietnam-based gang operating the massive identity fraud site Superget.info] past Experian and/or CourtVentures’ screening process, according to Martin there were other signs that should have alerted Experian to potential fraud associated with the account. For example, Martin said the Secret Service told him that the alleged proprietor of Superget.info had paid Experian for his monthly data access charges using wire transfers sent from Singapore.

“The issue in my mind was the fact that this went on for almost a year after Experian did their due diligence and purchased” Court Ventures, Martin said. “Why didn’t they question cash wires coming in every month? Experian portrays themselves as the data-breach experts, and they sell identity theft protection services. How this could go on without them detecting it I don’t know. Our agreement with them was that our information was to be used for fraud prevention and ID verification, and was only to be sold to licensed and credentialed U.S. businesses, not to someone overseas.”


via Simon McGarr
via:tupp_ed  privacy  security  crime  data-protection  data-privacy  experian  data-breaches  courtventures  superget  scams  fraud  identity  identity-theft 
october 2013 by jm
Irish EU Council Presidency proposes destruction of right to privacy | EDRI
'For example, based on the current situation in Ireland, the idea is that all companies can do whatever they want with personal data, without fear of sanction. Sanctions, such as fines, “should be optional or at least conditional upon a prior warning or reprimand”. In other words, do what you want, the worst that can happen is that you will receive a warning.' Shame! Daragh O'Brien's comment: 'utter idiocy'. ( at https://twitter.com/daraghobrien/status/292041500873850880 )
privacy  ireland  eu  fail  data-protection  data-privacy  politics 
january 2013 by jm

Copy this bookmark:



description:


tags: