October 16th, 2014
The Associated Press reports that when some banks’ customers call in to customer service, their voiceprints are being gathered so the banks can identify them. This practice of gathering biometric information, sometimes without giving notice to or obtaining consent from customers, raises substantial privacy questions:
An Associated Press investigation has found that two of America’s biggest retail banks — JPMorgan Chase & Co., and Wells Fargo & Co. — are quietly recording the biometric details of some callers’ voices to weed out fraud. The technology, sometimes called voiceprinting, is aimed at bad guys rather than legitimate customers, but legal and privacy experts alike still have reservations about the practice. [...]
As it stands, seven major American financial institutions are already using blacklists or have run pilots, said Shirley Inscoe, an analyst with the Aite Group, a research and advisory firm. Read more »
October 15th, 2014
Last year, the Federal Trade Commission negotiated a settlement with Aaron’s Rent-To-Own concerning surveillance software that was installed on computers that consumers rented from them. The software, PC Rental Agent from DesignerWare, allowed access to personal e-mails, financial and medical data and webcam photos of partially undressed individuals, the FTC said.
Now, Aaron’s Rent-To-Own has negotiated a settlement with California over charges that it violated the state’s privacy and consumer protection laws. The privacy portion of the settlement is related to the surveillance software. California Attorney General Kamala D. Harris announced in a statement:
In addition, the complaint alleges that Aaron’s violated California state privacy laws by permitting its franchised stores to install spyware on laptop computers rented to its customers. A feature in the spyware program called ‘Detective Mode’, which was installed without consumers’ consent or knowledge, allowed the Aaron’s franchisees to remotely monitor keystrokes, capture screenshots, track the physical location of consumers and even activate the rented computer’s webcam. The installation of this software without customer consent violated California law. Read more »
October 14th, 2014
A recent Intelligence Squared podcast debate included experts discussing whether the mass collection of phone records by the National Security Agency violates the Fourth Amendment. (This was a surveillance program revealed by former NSA contractor Edward Snowden. The program has faced considerable criticism from the public and federal legislators.) The experts are: Alex Abdo, Staff Attorney, ACLU Speech, Privacy and Technology Project; Elizabeth Wydra, Chief Counsel, Constitutional Accountability Center; Stewart Baker, former Assistant Secretary, Homeland Security & former General Counsel, NSA; and John Yoo, Professor of Law, UC Berkeley & former Justice Department lawyer. The moderator is John Donvan, Author & Correspondent for ABC News.
Here’s the blurb on the podcast:
Some say that the mass collection of U.S. phone records is a gross invasion of privacy. Others say that it is necessary to keep us safe. But what does the U.S. Constitution say? “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Is collection of phone records a “search” or “seizure”? If so, is it “unreasonable”? Does it require a particularized warrant and probable cause? These are among the most consequential—and controversial—constitutional questions of our time.
October 13th, 2014
NPR reports on credit card security breaches and the upcoming holiday season in the United States:
Though cyber thieves have stolen millions of card numbers this year, shoppers are heading into the heavy-spending season with no new credit safeguards in place. [...]
[Bryan Sartin, who heads a team of forensic computer techs for Verizon,] says data breaches happen all the time; In fact, only about a third of them are ever made public. In midtown Manhattan, that fact surprises many shoppers, like Alexandra Goodell. [...]
[Jason Oxman, CEO of the Electronic Transaction Association] says the magnetic stripe worked fine until the ’90s. Then came personal computers, which could counterfeit hundreds of credit cards. Because the U.S. had a strong telecom network, retailers went to an online system to verify credit cards’ authenticity. Countries where the Internet wasn’t so great adopted so-called chip cards or smart cards. Read more »
October 10th, 2014
ESPN reports that the NBA’s players union is considering players’ privacy rights as teams increasingly track players’ on- and off-court activities:
As NBA teams use increased technology to track players on and off the court, the players’ union wants to ensure that privacy is still being protected.
Franchises have been scrutinizing player movement on the court since the 2012-13 season, but data collection has also recently extended beyond the hardwood. Various teams have begun experimenting with sleep trackers, off-court movement monitors and fluid tests — including blood and sweat — in order to improve player health and performance.
These developments have happened so quickly and quietly, however, that the National Basketball Players Association was not aware of these widespread biometric advances, and had not established a position on the issue, until ESPN The Magazine approached the union for comment in August. Read more »
October 9th, 2014
The National Security Agency, which has faced considerable criticism from the public and lawmakers since revelations by former contractor Edward Snowden concerning the agency’s broad surveillance programs, recently released its second transparency report.
The document focuses on the civil liberties and privacy protection practices of NSA in the course of targeted signals intelligence activities under Executive Order 12333. Fair Information Practice Principles (FIPPs), the widely accepted framework of defining principles used by federal agencies to evaluate how systems, processes, or programs impact individual privacy, were used as the basis for assesssment.
The report details numerous efforts designed to protect civil liberties and privacy protections in six of the eight FIPPs (Purpose Specification; Data Minimization; Use Limitation; Data Quality and Integrity; Security; and Accountability and Auditing). These protections are underpinned by NSA’s enterprise activities, documented compliance program, and investments in people, training, tools and technology. Read more »