Privacy Is the Entry Point for Our Civil and Basic Rights

JJ: Well, maybe let’s start with the shape of the problem. What are the concerns right now around data privacy that are generated specifically by this court ruling and other rulings around abortion access and its criminalization? What could happen? Or what do we see happening?

NB: From the outset, the gutting of Roe by Dobbs is so devastating for, of course, the constitutional reasons, that at one time, Roe codified and really affirmed that abortion was a basic right.

Dobbs, in overruling that, overturning that, has laid open states to pick and choose whether they will allow abortion providers and individuals that kind of right.

But we’re in a very different moment now in 2022 than we were in the 1970s, and that’s really because of the rise of the digital age. With it, as you mentioned in your opening, is that the Internet is our primary pathway for almost everyone, I think, to information, to healthcare to, you know, telehealth appointments.

— source | Jul 27, 2022

Nullius in verba


Who Is Collecting Data from Your Car?

Today’s cars are akin to smartphones, with apps connected to the internet that collect huge amounts of data, some of which is highly personal.

Most drivers have no idea what data is being transmitted from their vehicles, let alone who exactly is collecting, analyzing, and sharing that data, and with whom. A recent survey of drivers by the Automotive Industries Association of Canada found that only 28 percent of respondents had a clear understanding of the types of data their vehicle produced, and the same percentage said they had a clear understanding of who had access to that data.

Welcome to the world of connected vehicle data, an ecosystem of dozens of businesses you never knew existed.

The Markup has identified 37 companies that are part of the rapidly growing connected vehicle data industry that seeks to monetize such data in an environment with few

— source | Jon Keegan, Alfred Ng | Jul 27, 2022

The Continuing Saga of UIDAI’s Breach of Privacy Rights

The recent advisories by the UIDAI’s regional office and then by its parent body are of concern. UIDAI, which has been functioning without a chairman since 2019, is responsible for managing one of the biggest databases in the world. It has already been revealed by the CAG report that it has failed to maintain the uniqueness of the Aadhaar. The database has unpaired and mismatched biometrics data on its system. It lacks a data archiving policy. The lack of a mechanism to ensure its accountability is another worry.

On May 27, the regional office of the UIDAI in Bengaluru issued a press release that asked people to refrain from sharing photocopies of their Aadhaar cards with other organisations as they could be “misused”. However, a few days later, the advisory was redacted with immediate effect. These developments came months after the Comptroller and Auditor General (CAG) report titled ‘Functioning of UIDAI’ revealed the failure of the UIDAI to maintain the uniqueness of the Aadhaar.

The initial advisory warned people against the use of public computers to download the e-copies of the Aadhaar card. If the e-copies are downloaded, they should be permanently

— source | Gursimran Kaur Bakshi | Jun 15, 2022

Data Privacy Bill: Commercialising Our Data and Weakening Our Privacy

The world is far more interconnected than ever before, with 60% of the world’s population connecting to the internet. With wireless connectivity and cheap smartphones, the number of Indians connecting to the internet today is more than 70% of the population. While most people may believe that they connect to the internet, in reality, they connect to either Google or Facebook and to each other via these digital monopolies. People may remember the attempt by Facebook in India to introduce a truncated internet calling it Free Basics, which failed due to the collective resistance of the people. In 65 countries, unfortunately, Facebook succeeded in introducing Free Basics. Most who are on it believe that the Facebook world is the internet.

It is this ability to access the users and collect their data that gives Google and Facebook the dominant position they enjoy in the advertising world. Already, digital ad revenues are poised to overtake all other forms: television, print and radio combined. And Google and Facebook have emerged as duopolies in the digital advertising space. Google and Facebook can convert their monopoly power over search engines and social media into dominance over all other advertising players. This is a threat to all other media organisations that depend on advertisements. This is the reason that in the US, the UK and the EU, regulatory and legal action has been initiated to break Google and Facebook’s monopolies in advertising.

In India, the Modi government has been unwilling to confront the US duopoly of Google and Facebook. With the revelations from Facebook whistleblowers Sophie Zhang and Frances

— source | Prabir Purkayastha | 15 Dec 2021

Teaching Cybersecurity in an Age of ‘Fake Security’

I teach cybersecurity. It’s something I really believe in, but it’s hard work for all the wrong reasons. First day homework for students is watching Brazil, No Country for Old Men, Chinatown, The Empire Strikes Back, or any other film where evil triumphs and the bad guys win. This establishes the right mindset – like the medics at the Omaha beach landing in Saving Private Ryan. Not to be pessimistic, but cybersecurity is a lost cause, at least as things stand today. If we define computer security to be the combination of confidentiality, integrity, and availability for data, and as resilience, reliability and safety for systems, then we are failing terribly on all points.

As a “proof” after a fashion, my students use a combination of Blotto analysis from military game theory, and Lubarsky’s law (“there’s always one more bug”). It is a dispiriting exercise to see how logic stacks up against the defenders, according to which “the terrorists always win”. Fortunately, game theory frequently fails to explain a reality where we are not all psychopathically selfish Bayesian utility maximisers (unlike corporations which are programmed to be). Occasionally hope, compassion, gratitude, and neighbourly love win out.

Could things be worse than having mathematics against you? Actually yes. You could live in a duplicitous culture antithetical to security but favouring a profitable facsimile of

— source | Andy Farnell | 11.29.21

Immunity Passports Are a Threat to Our Privacy and Information Security

With states beginning to ease shelter-in-place restrictions, the conversation on COVID-19 has turned to questions of when and how we can return to work, take kids to school, or plan air travel.

Several countries and U.S. states, including the UK, Italy, Chile, Germany, and California, have expressed interest in so-called “immunity passports”—a system of requiring people to present supposed proof of immunity to COVID-19 in order to access public spaces, work sites, airports, schools, or other venues. In many proposed schemes, this proof would be stored in a digital token on a phone. Immunity passports would threaten our privacy and information security, and would be a significant step toward a system of national digital identification that can be used to collect and store our personal information and track our location.

Immunity passports are purportedly intended to help combat the spread of COVID-19. But there is little evidence that they would actually accomplish that.

On a practical level, there is currently no test for COVID-19 immunity; what we have are antibody tests. But we don’t know whether people with antibodies have immunity.

— source | Alexis Hancock and Karen Gullo | May 28, 2020

Truth about ProtonMail

1. Protonmail Behaves like a CIA/NSA “Honeypot”
2. Protonmail Does Not Provide “End to End Encryption”
3. Protonmail Was Created Under CIA/NSA Oversight
4. Protonmail is Part Owned by CRV and the Swiss Government
5. CRV, In-Q-Tel & the CIA
6. Protonmail Follows CIA Email format & Metadata Requirements
7. Swiss MLAT Law Could Give the NSA Full Access
8. Protonmail Uses Radware for DNS/DDOS Protection
9. Protonmail Developers Do Not Use Protonmail
10. Protonmail engages in illegal cyberwarfare
11. Protonmail has a history of Dishonesty

— source | Feb 18, 2021

Ethical Problems With Modern Cars Containing Proprietary Software That Drivers Cannot Remove/Replace

The folks lurking in our IRC channels have likely seen this recurring theme; cars and the things that nowadays go into new cars concern us. It’s not limited to what insurance companies are doing; drivers aren’t the sole targets of surveillance and remote control, either. Passengers in cars too are affected.

There are several dimensions to this problem, or several separable aspects. Spying in cars is a big and largely unexplored issue; but it’s not the only one. Many of today’s cars can be remotely controlled; if not by design, then by cracking, which in turn replaces the software that runs inside a car. The schemes by which this is done are kept under the veil of “national security” (see for example Vault 7 and Vault 8, especially the codenames/operations that relate to software in cars).

The digitalisation rather than mechanisation (in the physical sense) of car components and their controllers — including windows, brakes, blinkers etc. — should be a cause for concern if it’s all proprietary software. A few years ago, following the wave of trucks running over crowds in terror attacks, suggestions were made for remote controls (or

— source | Roy Schestowitz | 07.03.21
