“Google has yanked dozens of apps from its Google Play store after determining that they include a software element that surreptitiously harvests data. The Panamanian company that wrote the code, Measurement Systems S. de R.L., is linked through corporate records and web registrations to a Virginia defense contractor that does cyberintelligence, network-defense and intelligence-intercept work for U.S. national-security agencies. The code ran on millions of Android devices and has been found inside several Muslim prayer apps that have been downloaded more than 10 million times, as well as a highway-speed-trap detection app, a QR-code reading app and a number of other popular consumer apps, according to two researchers who discovered the behavior of the code in the course of auditing work they do searching for vulnerabilities in Android apps. They shared their findings with Google, a unit of Alphabet Inc., federal privacy regulators and The Wall Street Journal.”
Source : Google Bans Apps With Hidden Data-Harvesting Software – WSJ
“The European Commission and the United States announce that they have agreed in principle on a new Trans-Atlantic Data Privacy Framework, which will foster trans-Atlantic data flows and address the concerns raised by the Court of Justice of the European Union in the Schrems II decision of July 2020. The new Framework marks an unprecedented commitment on the U.S. side to implement reforms that will strengthen the privacy and civil liberties protections applicable to U.S. signals intelligence activities. Under the Trans-Atlantic Data Privacy Framework, the United States is to put in place new safeguards to ensure that signals surveillance activities are necessary and proportionate in the pursuit of defined national security objectives, establish a two-level independent redress mechanism with binding authority to direct remedial measures, and enhance rigorous and layered oversight of signals intelligence activities to ensure compliance with limitations on surveillance activities.”
Source : Joint Statement on Trans-Atlantic Data Privacy Framework
“The secret CIA program is operated under the authority of Executive Order 12333, which former President Ronald Reagan issued in 1981. It has been used to justify bulk data collection of people in the US, including phone calls, SMS messages, and, until recently, email metadata.”
Source : CIA collecting bulk data on Americans without oversight, senators say | Ars Technica
« The facial recognition company Clearview AI is telling investors it is on track to have 100 billion facial photos in its database within a year, enough to ensure “almost everyone in the world will be identifiable,” according to a financial presentation from December obtained by The Washington Post.
And the company wants to expand beyond scanning faces for the police, saying in the presentation that it could monitor “gig economy” workers and is researching a number of new technologies that could identify someone based on how they walk, detect their location from a photo or scan their fingerprints from afar ».
Source : Clearview AI predicts 100 billion photos will give it worldwide facial recognition ability – The Washington Post
“When it comes to privacy, iOS arguably has a better reputation among consumers than Android, as does Siri vs Alexa, and Safari vs Chrome. But that doesn’t give Apple permission to track our lived experience at all times with its microphones, cameras and sensors. Apple’s groundbreaking devices are pushing the limits of what technology companies can track, and that is not good news for privacy. Thanks to Apple, physical shops can track us through our phones, hackers can potentially access our most sensitive health and biometric details, and now it has developed a technology that can scan content that was supposed to be encrypted. Apple has been playing two games at once – protecting privacy and developing surveillance tools – while only acknowledging the former.”
Source : We need to talk about how Apple is normalising surveillance | WIRED UK
“The features Apple announced a month ago, intending to help protect children, would create an infrastructure that is all too easy to redirect to greater surveillance and censorship. These features would create an enormous danger to iPhone users’ privacy and security, offering authoritarian governments a new mass surveillance system to spy on citizens. They also put already vulnerable kids at risk, especially LGBTQ youth, and create serious potential for danger to children in abusive households. The responses to Apple’s plans have been damning: over 90 organizations across the globe have urged the company not to implement them, for fear that they would lead to the censoring of protected speech, threaten the privacy and security of people around the world, and have disastrous consequences for many children.”
Source : Delays Aren’t Good Enough—Apple Must Abandon Its Surveillance Plans | Electronic Frontier Foundation
“The lamps come equipped with two built-in cameras—one facing the child and another offering a bird’s-eye view from above—letting parents remotely monitor their children when they study. There is a smartphone-sized screen attached to each lamp, which applies artificial intelligence to offer guidance on math problems and difficult words. And parents can hire a human proctor to digitally monitor their children as they study. In addition to the basic version of the lamp, a $170 upgraded model sends alerts and photos to parents when their children slouch. That version of the lamp sold out on China’s largest e-commerce platforms earlier this month.”
Source : A Smart Lamp That Watches Kids When They Study Is a Hit in China – WSJ
“The harsh truth is that Facebook doesn’t need to perform technical miracles to target you via weak signals. It’s got much better ways to do so already. Not every spookily accurate ad you see is a pure figment of your cognitive biases. Remember, Facebook can find you on whatever device you’ve ever checked Facebook on. It can exploit everything that retailers know about you, and even sometimes track your in-store, cash-only purchases; that loyalty discount card is tied to a phone number or email for a reason. Before you stoke your Facebook rage too much, know that Twitter and LinkedIn do this as well, and that Facebook copied the concept of ‘data onboarding’ from the greater ad tech world, which in turn drafted off of decades of direct-mail consumer marketing. It’s hard to escape the modern Advertising Industrial Complex.”
Source : Facebook Isn’t Listening Through Your Phone’s Microphone. It Doesn’t Have To | WIRED
“This modus operandi is enough to give the American authorities, and others beyond, cold sweats: the company claims several tens of thousands of customers, in both government agencies and businesses. The list of known victims could therefore grow considerably in the coming days, and not only in the United States.
According to FireEye, the attack is in fact still under way. ‘This could turn out to be one of the most significant espionage campaigns in history,’ Dmitri Alperovitch, a cybersecurity expert and founder of CrowdStrike, a company specializing in tracking high-level hackers, predicted to the Associated Press.
In a statement, Orion acknowledged the existence of ‘vulnerabilities’, the result of a ‘targeted and highly sophisticated’ attack, in the words of its CEO, Kevin Thompson. The company says it is currently working with the FBI and the intelligence services to understand exactly how events unfolded.”
Source : United States: hackers managed to infiltrate the Treasury and Commerce departments
“The Secret Service paid for a product that gives the agency access to location data generated by ordinary apps installed on people’s smartphones, an internal Secret Service document confirms. The sale highlights the issue of law enforcement agencies buying information, and in particular location data, that they would ordinarily need a warrant or court order to obtain. This contract relates to the sale of Locate X, a product from a company called Babel Street.”
Source : Secret Service Bought Phone Location Data from Apps, Contract Confirms