View profile

"a broken, surreptitious industry in desperate need of regulation" | The Cat Herder, Volume 4, Issue 6

Clearview again, Clubhouse again. Metaphysics from the Irish Prison Service: if a  ̶t̶r̶e̶e̶ ̶f̶a̶l̶l
February 14 · Issue #119 · View online
The Cat Herder
Clearview again, Clubhouse again. Metaphysics from the Irish Prison Service: if a  ̶t̶r̶e̶e̶ ̶f̶a̶l̶l̶s̶ ̶i̶n̶ ̶t̶h̶e̶ ̶f̶o̶r̶e̶s̶t̶ surveillance camera isn’t connected can it truly be said to be a surveillance camera?

“The discovery of the cameras was investigated by local management and it was quickly confirmed that neither camera was operational, cabled or capable of operating. At no stage was there any surveillance of staff taking place,” according to the IPS.
Who among us hasn’t felt a sense of relief when discovering the unexpected surveillance cameras we found in a wall cavity weren’t connected to anything and were therefore surely only decorative cameras added as a tasteful afterthought by the interior designer?
Irish Prison Service denies cameras found in staff locker rooms were used for covert surveillance 
Reading this from Ireland a lot of it sounds familiar. As has been said here before, you can’t app your way out of a pandemic.
As the pandemic raged on into a new calendar year, public health experts began to publicly voice less enthusiastic opinions. Late last year, the poor execution of the contact tracing feature led Monica Castro, director of epidemiological surveillance at Uruguay’s Ministry of Public Health, to publicly assert that Covid apps overall had been less successful than technologists claimed.
Why Uruguay’s “miracle” Covid-19 app failed to deliver - Rest of World
Those of us who remember Plaxo from more than fifteen years ago or multiple examples of contacts snaffling since then saw this coming.
It’s worth pointing out that Clubhouse is extremely well funded ($110 million over 3 funding rounds). The latest funding round was raised on the 21st January of this year, well after data protection concerns had been raised. Founders Paul Davison and Rohan Seth worked at Pinterest and Google respectively. So everyone involved should know better than to do this, which is pretty goddam illegal in Europe.
Clubhouse Is Suggesting Users Invite Their Drug Dealers and Therapists | by Will Oremus | Feb, 2021 | OneZero
Remember folks, you wouldn’t go to a new bar or restaurant and hand over your address book to a staff member as you went in the door so it’s probably best not to do that with Clubhouse either.
Age verification is a thorny and complex problem. Biometric guessing is probably not the solution.
Yoti pitches biometric age estimation to regulate social media access for 7 to 11-year-olds | Biometric Update
The company is building a biometric dataset by asking parents to submit a photo of their child through a web portal, specifically for the purpose of training age estimation algorithms for improved performance. Yoti points out that the process is not facial recognition, as it does not match faces. It also does not reveal any personal information, but simply estimates age based on analysis by a neural network.
Giving your children’s photos to a biometric guessing company is probably not a good idea either.
The Swedish DPA fined the Swedish police ~€250,000 for the unlawful use of Clearview AI.
The Swedish Authority for Privacy Protection finds that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using Clearview AI to identify individuals.
Upon news in the media of the Swedish Police Authority using the application Clearview AI for facial recognition the Swedish Authority for Privacy Protection (IMY) initiated an investigation against the Police.
The EDPS has called for a “a phase-out leading to a prohibition of targeted advertising on the basis of pervasive tracking, as well as restrictions in relation to the categories of data that can be processed for targeting purposes and the categories of data that may be disclosed to advertisers or third parties to enable or facilitate targeted advertising.”
The European Union’s lead data protection supervisor has recommended that a ban on targeted advertising based on tracking internet users’ digital activity be included in a major reform of digital services rules which aims to increase operators’ accountability, among other key goals.
The European Data Protection Supervisor (EDPS), Wojciech Wiewiorówski, made the call for a ban on surveillance-based targeted ads in reference to the Commission’s Digital Services Act (DSA) — following a request for consultation from EU lawmakers.
European Data Protection Supervisor: ‘Opinion 1/2021 on the Proposal for a Digital Services Act’ [direct link to PDF]
The Polish DPA issued a fine of around €20,000 for non-compliance with an administrative order made by the DPA to communicate a data breach to the affected data subjects.
Google has entirely unsurprisingly gone to court to challenge the €100 million fine imposed on it by the CNIL last December.
  • “But what is more insidious is the Faustian bargain made with the marketing industry, which turns every location ping into currency as it is bought and sold in the marketplace of surveillance advertising … While there were no names or phone numbers in the data, we were once again able to connect dozens of devices to their owners, tying anonymous locations back to names, home addresses, social networks and phone numbers of people in attendance. In one instance, three members of a single family were tracked in the data.” From ‘They Stormed the Capitol. Their Apps tracked them’ by Stuart Thomson for The New York Times. The quote for the subject line of this newsletter is take from an accompanying thread on Twitter by Charlie Warzel, which is also worth reading.
  • “The patent application describes many possible uses for its technology that go beyond the realm of law enforcement. Clearview AI, the application reads, “presents a method for providing information about a subject (e.g., a person, an unknown person, a newly met person, a person with deficient memory, a criminal, an intoxicated person, a drug user, a homeless person).” The application also says that a version of Clearview could pull up profile information associated with a face match. This information could include things like date and place of birth, nationality, educational history, phone numbers, email addresses, hobbies, and personal interests.” From ‘A Clearview AI Patent Application Describes Facial Recognition For Dating, And Identifying Drug Users And Homeless People’ by Caroline Haskins, Ryan Mac and Brianna Sacks for Buzzfeed.
  • The latest round in the development of an e-Privacy Regulation reached something of a staging post during the week. The compromise agreed by member state governments doesn’t appear to pay much attention to the last seven years or more of ECJ judgments on data retention, which is foolish. “On Wednesday, France withheld its support of the text until the Portuguese presidency made some last-minute changes that would open the door for EU countries to retain data. The final Council proposal reflects Paris’ wishes, according to an internal note by the French authorities, obtained by digital rights NGO Access Now via an access to document request and shared with POLITICO.” From ‘How Europe’s new privacy rules survived years of negotiations, lobbying and drama’ by Laura Kayali and Vincent Manancourt for Politico. How long this compromise survives for remains to be seen.

Endnotes & Credits
Find us on the web at and on Twitter at @PrivacyKit. Of course we’re not on Facebook or LinkedIn.
If you know someone who might enjoy this newsletter do please forward it on to them.
Did you enjoy this issue?
If you don't want these updates anymore, please unsubscribe here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue
Privacy Kit, Made with 💚 in Dublin, Ireland