July 28th, 2017
We’ve discussed before the many ways that companies have been monitoring their employees. They’re using key-logging technology to monitor workers’ keystrokes and Internet-tracking software to log the sites that employees visit. Or tracking workers using GPS technology. More workplaces are using employee badges that have microphones and sensors for tracking individuals’ movements. Now, there’s a move toward a more invasive way to track employees: By implanting microchips in workers.
Wisconsin technology company Three Square Market announced that it is “offering implanted chip technology to all of their employees. … Employees will be implanted with a RFID chip allowing them to make purchases in their break room micro market, open doors, login to computers, use the copy machine, etc.” The company continued: “The chip implant uses near-field communications (NFC); the same technology used in contactless credit cards and mobile payments. A chip is implanted between the thumb and forefinger underneath the skin within seconds.” Read more »
June 28th, 2017
A couple of years ago, we discussed the increasing use license-plate-recognition camera technology and the possible privacy, civil liberty and security implications about the surveillance tech used to gather and record information on drivers’ movements. At the time, we noted that license-plate-reader technology (also called automated license plate readers, ALPRs), like other surveillance systems, has the ability to create a profile of an individual using personal, possibly sensitive data. Now, the technology is in even more jurisdictions nationwide, and the privacy questions remain.
Two examples of the proliferation of the license-plate-reader technology are in Rhode Island and Tennessee. In Rhode Island, state legislators are considering HB 5531, “An Act Relating to Motor and Other Vehicles — Electronic Confirmation and Compliance System,” which would create a state-wide license-plate-reader network to identify and fine uninsured drivers. The chief sponsor is Rep. Robert Jacquard (D), who “said he has made a number of changes to address fears of growing state surveillance and concerns the cameras could be used to expand highway tolling,” reports the Providence Journal.
The ACLU of Rhode Island testified (pdf) against the bill, noting “this legislation would nevertheless facilitate the capture and storage of real time location information on every Rhode Islander on the road, with no guidance as to how this information is to be used, at the benefit of a third-party corporation.” ACLU-RI wants the state to “implement clear and specific restrictions on the use of this technology, particularly by law enforcement” and notes such restrictions are included in HB 5989, whose chief sponsor is Rep. John G. Edwards (D). Read more »
May 26th, 2017
Update on June 6, 2017: Apple has introduced its own A.I. assistant device, the HomePod. Notably, the company says the device will only collect data after the wake command. Also, the data will be encrypted when sent to Apple’s servers. However, privacy questions remain, as with other A.I. assistants.
Artificial intelligence assistants, such as Amazon’s Echo or Google’s Home devices (or Apple’s Siri or Microsoft’s Cortana services) have been proliferating, and they can gather a lot of personal information on the individuals or families who use them. A.I. assistants are part of the “Internet of Things,” a computerized network of physical objects. In IoT, sensors and data-storage devices embedded in objects interact with Web services.
I’ve discussed the privacy issues associated with IoT generally (relatedly, the Government Accountability Office recently released a report on the privacy and security problems that can arise in IoT devices), but I want to look closer at the questions raised by A.I. assistants. The personal data retained or transmitted on these A.I. services and devices could include email, photos, sensitive medical or other information, financial data, and more.
And law enforcement officials could access this personal data. Earlier this year, there was a controversy concerning the data possibly collected by an Amazon Echo. The Washington Post explained, “The Echo is equipped with seven microphones and responds to a ‘wake word,’ most commonly ‘Alexa.’ When it detects the wake word, it begins streaming audio to the cloud, including a fraction of a second of audio before the wake word, according to the Amazon website. A recording and transcription of the audio is logged and stored in the Amazon Alexa app and must be manually deleted later.” Read more »
March 16th, 2017
In 2008, President George W. Bush signed the Genetic Information Nondiscrimination Act (Pub. L. 110-233). GINA restricts the collection and use of genetic information in a number of ways. GINA prohibits health insurance providers and employers from requiring genetic testing. Under the federal law, genetic data cannot be used to determine insurance premiums, eligibility for insurance, or employment.
States have also passed laws to protect individuals’ genetic privacy. Shortly after the passage of GINA, Illinois passed what would become Public Act 095-0927 (pdf), “An Act concerning health,” which strengthened privacy protections already in place under the Illinois Genetic Information Privacy Act of 1998. And in 2011, California Gov. Jerry Brown (D) signed SB 559, the California Genetic Information Nondiscrimination Act (CalGINA) (pdf). Going beyond the federal GINA, CalGINA also prohibits genetic discrimination in housing, mortgage lending, employment, health insurance coverage, life insurance coverage, education, public accommodations, and elections.
These laws are meant to protect employees’ privacy from employer access and to shield them from discrimination based on their genetic data, but the federal GINA could be undermined if a bill being considered in Congress becomes law. Read more »
February 27th, 2017
Good security is difficult. There are insider and outsider threats to prepare for, and the best defense includes continuous upgrades of security systems. A recent federal indictment concerning an alleged 18-year drug-smuggling operation among airport and Transportation Security Administration employees shows the value of strong security protocols that are changed and upgraded often enough that they cannot be easily circumvented by knowledgable insiders.
The use of airport and airline employees to smuggle drugs and other illicit contraband is not new. For example, a decade ago there was a scandal at an airport in Florida because airline baggage handlers were able to smuggle guns and drugs onto a plane. According to court documents, in 2007, two Comair baggage handlers were able to carry a duffel bag containing 14 guns and 8 pounds of marijuana onto a commercial plane in Orlando that was headed for San Juan, Puerto Rico. The men avoided detection, because they are airline baggage handlers who used their uniforms and legally issued identification cards to bypass security screeners and enter a restricted area before loading the contraband onto a plane. The men, who had passed federal background checks, used their knowledge of airport security protocols. The security protocols failed, and the men were caught because a source called a tip into the police.
Earlier that year, CBS News had revealed that “unlike passengers, pilots and flight attendants, some 700,000 airport workers with ID badges are allowed to completely bypass airport screening areas at virtually all our nation’s 452 commercial airlines.” Shortly after the Comair arrests, airports in Florida strengthened security protocols for employees and the Transportation Security Administration also heightened screening requirements. Read more »
January 24th, 2017
International Data Privacy Day is Saturday. There are a variety of events occurring this week to celebrate, including a live-streamed event from Twitter in San Francisco on Friday. Visit the official site to find events near your area. Take the time to think about how privacy is important in your life and how you can protect your rights from being infringed upon. Please also donate to any number of organizations out there trying to protect your privacy rights.