Tag Archives: right to privacy

Your Typing Discloses Who You Are: Behavioral Biometrics

Behavioural biometrics make it possible to identify an individual’s “unique motion fingerprint”,… With the right software, data from a phone’s sensors can reveal details as personal as which part of someone’s foot strikes the pavement first, and how hard; the length of a walker’s stride; the number of strides per minute; and the swing and spring in the walker’s hips and step. It can also work out whether the phone in question is in a handbag, a pocket or held in a hand.

Using these variables, Unifyid, a private company, sorts gaits into about 50,000 distinct types. When coupled with information about a user’s finger pressure and speed on the touchscreen, as well as a device’s regular places of use—as revealed by its gps unit—that user’s identity can be pretty well determined, ction….Behavioural biometrics can, moreover, go beyond verifying a user’s identity. It can also detect circumstances in which it is likely that a fraud is being committed. On a device with a keyboard, for instance, a warning sign is when the typing takes on a staccato style, with a longer-than-usual finger “flight time” between keystrokes. This, according to Aleksander Kijek, head of product at Nethone, a firm in Warsaw that works out behavioural biometrics for companies that sell things online, is an indication that the device has been hijacked and is under the remote control of a computer program rather than a human typist…

Used wisely, behavioural biometrics could be a boon…Used unwisely, however, the system could become yet another electronic spy on people’s privacy, permitting complete strangers to monitor your every action, from the moment you reach for your phone in the morning, to when you fling it on the floor at night.

Excerpts from Behavioural biometrics: Online identification is getting more and more intrusive, Economist, May 23, 2019

Facebook Denizens Unite! the right to privacy and big tech

The European Union’s (EU) approach to regulating the big tech companies draws on its members’ cultures tend to protect individual privacy. The other uses the eu’s legal powers to boost competition.  The first leads to the assertion that you have sovereignty over data about you: you should have the right to access them, amend them and determine who can use them. This is the essence of the General Data Protection Regulation (GDPR), whose principles are already being copied by many countries across the world. The next step is to allow interoperability between services, so that users can easily switch between providers, shifting to firms that offer better financial terms or treat customers more ethically. (Imagine if you could move all your friends and posts to Acebook, a firm with higher privacy standards than Facebook and which gave you a cut of its advertising revenues.)

Europe’s second principle is that firms cannot lock out competition. That means equal treatment for rivals who use their platforms. The EU has blocked Google from competing unfairly with shopping sites that appear in its search results or with rival browsers that use its Android operating system. A German proposal says that a dominant firm must share bulk, anonymised data with competitors, so that the economy can function properly instead of being ruled by a few data-hoarding giants. (For example, all transport firms should have access to Uber’s information about traffic patterns.) Germany has changed its laws to stop tech giants buying up scores of startups that might one day pose a threat.

Ms Vestager has explained, popular services like Facebook use their customers as part of the “production machinery”. …The logical step beyond limiting the accrual of data is demanding their disbursement. If tech companies are dominant by virtue of their data troves, competition authorities working with privacy regulators may feel justified in demanding they share those data, either with the people who generate them or with other companies in the market. That could whittle away a big chunk of what makes big tech so valuable, both because Europe is a large market, and because regulators elsewhere may see Europe’s actions as a model to copy. It could also open up new paths to innovation.

In recent decades, American antitrust policy has been dominated by free-marketeers of the so-called Chicago School, deeply sceptical of the government’s role in any but the most egregious cases. Dominant firms are frequently left unmolested in the belief they will soon lose their perch anyway…By contrast, “Europe is philosophically more sceptical of firms that have market power.” ..

Tech lobbyists in Brussels worry that Ms Vestager agrees with those who believe that their data empires make Google and its like natural monopolies, in that no one else can replicate Google’s knowledge of what users have searched for, or Amazon’s of what they have bought. She sent shivers through the business in January when she compared such companies to water and electricity utilities, which because of their irreproducible networks of pipes and power lines are stringently regulated….

The idea is for consumers to be able to move data about their Google searches, Amazon purchasing history or Uber rides to a rival service. So, for example, social-media users could post messages to Facebook from other platforms with approaches to privacy that they prefer…

Excerpts from Why Big Tech Should Fear Europe, Economist, Mar. 3, 2019; The Power of Privacy, Economist, Mar. 3, 2019

Your Biometric Data in Facebook

A federal judge has dismissed a class action lawsuit against Facebook after the California-based social media site claimed there was a lack of personal jurisdiction in Illinois.The plaintiff in the case, Fredrick William Gullen, filed the complaint alleging violations of the Illinois Biometric Information Privacy Act. Gullen is not a Facebook user, but he alleged that his image was uploaded to the site and that his biometric identifiers and biometric information was collected, stored and used by Facebook without his consent. The Illinois Biometric Information Privacy Act, implemented in 2008, regulates the collection, use, and storage of biometric identifiers and biometric information such as scans of face or hand geometry. The act specifically excludes photographs, demographic information, and physical descriptions….

In the Facebook case, no ruling has been made on whether the information on Facebook counts as biometric identifiers and biometric information under the Illinois Biometric Information Privacy Act. Instead, the judge agreed with Facebook that the case could not be tried in Illinois.

However, the company is currently facing a proposed class action in California relating to some of the same questions….How the California class action will play out remains to be seen. California does not yet have a clear policy on biometric privacy.A bill pending in the state’s legislature would extend the scope of the data security law to include biometric data as well as geophysical location, but it has not yet become law.  The question of privacy in regards to biometric information is one that has garnered increasing attention in recent months. On Feb. 4, 2016 the Biomterics Institute, an independent research and analysis organization, released revised guidelines comprising 16 privacy principles for companies that gather and use biometrics data.

Excerpts from Emma Gallimore, Federal judge boots Illinois biometrics class action against Facebook, Legal Newswire, Feb. 22, 2016, 12:15pm

See also the case (pdf)

By Hook or By Crook: Harvesting DNA of Indigenous Peoples

Tensions between Western scientists and Indigenous communities around the world. (“Indigenous” is an internationally inclusive term for the original inhabitants, and their descendants, of regions later colonized by other groups.) Scientists have used Indigenous samples without permission, disregarded their customs around the dead, and resisted returning samples, data, and human remains to those who claim them. Indigenous communities have often responded by severely restricting scientists’ sampling of their bodies and their ancestors, even as genomics has boomed, with increasing relevance for health….

The  Indigenous Peoples in Genomics (SING) aims to train Indigenous scientists in genomics so that they can introduce that field’s tools to their communities as well as bring a sorely needed Indigenous perspective to research. Since Malhi helped found it at UI in 2011, SING has trained more than 100 graduates and has expanded to New Zealand and Canada. The program has created a strong community of Indigenous scientists and non-Indigenous allies who are raising the profile of these ethical issues and developing ways to improve a historically fraught relationship…

Some Indigenous communities, such as the Navajo Nation, decline to participate in genetic research at all. And many tribes don’t permit research on their ancestors’ remains. Such opposition can feel like a hostile stumbling block to Western scientists, some of whom have gone to court to gain or maintain access to Indigenous samples. Not being able to study at least some early samples would “result in a world heritage disaster of unprecedented proportions,” the American Association of Physical Anthropologists said in 2007 in a debate over an amendment to the Native American Graves Protection and Repatriation Act.

To understand why so many Indigenous people distrust Western scientists, consider how intertwined science has been with colonialism, says SING co-founder Kim TallBear, an anthropologist at the University of Alberta in Edmonton, Canada, and a member of the Sisseton Wahpeton Oyate in North and South Dakota. “While the U.S. was moving westward, stealing land, and massacring Indians, you had contract grave robbers coming out onto the battlefields and immediately picking up the dead—Native people—and boiling them down to bone, and sending their bones back east,” she says. Many of those skeletons were displayed and studied in museums by researchers who used them to argue for the biological inferiority of Indigenous people. Some of those skeletons are still there.  “Science was there, always. It’s part of that power structure,”

Many Indigenous communities see echoes of this painful history reverberating in the 21st century. In 2003, the Havasupai Tribe in Arizona discovered that samples taken for a study on diabetes had been used for research projects they had never consented to, including on population genetics and schizophrenia. They sued Arizona State University in Tempe, which eventually returned the samples and paid $700,000 to the tribe (Science, 30 April 2010)…

Researchers working for the Human Genome Diversity Project (HGDP), a major international effort, were collecting samples from around the world to build a public database of global genetic variation. The project publicly emphasized the importance of collecting DNA from genetically isolated Indigenous populations before they “went extinct.”  That rationale “was offensive to Indigenous populations worldwide,” Gachupin says. “Resources for infrastructure and for the wellbeing of the community were not forthcoming, and yet now here were these millions and millions of dollars being invested to ‘save’ their DNA.” The message from the scientific establishment was, she says, “We don’t care about the person. We just want your DNA.” Some activists dubbed the HGDP “the Vampire Project,” believing the only beneficiaries would be Western scientists and people who could afford costly medical treatments.

Excerpts from Lizzie Wade, Bridging the Gap, Science,  Sept. 28, 2018

How to Stop the Expoitation of Internet Users

Data breaches at Facebook and Google—and along with Amazon, those firms’ online dominance—crest a growing wave of anxiety around the internet’s evolving structure and its impact on humanity…The runaway success of a few startups has created new, proprietized one-stop platforms. Many people are not really using the web at all, but rather flitting among a small handful of totalizing apps like Facebook and Google. And those application-layer providers have dabbled in providing physical-layer internet access. Facebook’s Free Basics program has been one of several experiments that use broadband data cap exceptions to promote some sites and services over others.

What to do? Columbia University law professor Tim Wu has called upon regulators to break up giants like Facebook, but more subtle interventions should be tried first…Firms that do leverage users’ data should be “information fiduciaries,” obliged to use what they learn in ways that reflect a loyalty to users’ interests…The internet was designed to be resilient and flexible, without need for drastic intervention. But its trends toward centralization, and exploitation of its users, call for action

Excerpts from Jonathan Zittrain, Fixing the internet, Science, Nov. 23, 2018

Behavior Mining

Understanding and assessing the readiness of the warfighter is complex, intrusive, done relatively infrequently, and relies heavily on self-reporting. Readiness is determined through medical intervention with the help of advanced equipment, such as electrocardiographs (EKGs) and otherspecialized medical devices that are too expensive and cumbersome to employ continuously without supervision in non-controlled environments. On the other hand, currently 92% of adults in the United States own a cell phone, which could be used as the basis for continuous, passive health and readiness assessment.  The WASH program will use data collected from cellphone sensors to enable novel algorithms that conduct passive, continuous, real-time assessment of the warfighter.

DARPA’s WASH [Warfighter Analytics using Smartphones for Health] will extract physiological signals, which may be weak and noisy, that are embedded in the data obtained through existing mobile device sensors (e.g., accelerometer, screen, microphone). Such extraction and analysis, done on a continuous basis, will be used to determine current health status and identify latent or developing health disorders. WASH will develop algorithms and techniques for identifying both known indicators of physiological problems (such as disease, illness, and/or injury) and deviations from the warfighter’s micro-behaviors that could indicate such problems.

Excerpt from Warfighter Analytics using Smartphones for Health (WASH)
Solicitation Number: DARPA-SN-17-4, May, 2, 2018

See also Modeling and discovering human behavior from smartphone sensing life-log data for identification purpose

Data Security: Real Fear

On its website, ProfitBricks touts what it calls “100 percent German data protection,” underneath the black, red, and gold colors of the German flag. “Having a German cloud helps tremendously,” says Markus Schaffrin, an IT security expert at Eco, a lobbying group for Internet companies. “Germany has some of the most stringent data-protection laws, and cloud-service providers with domestic data centers are of course highlighting that.”

The companies known as the Mittelstand—the small and midsize enterprises that form the backbone of the German economy—are rapidly embracing the idea of the networked factory. Yet they remain wary of entrusting intellectual property to a cloud controlled by global technology behemoths and possibly subject to government snooping. “Small and medium enterprises are afraid that those monsters we sometimes call Internet companies will suck out the brain of innovation,” says Joe Kaeser, chief executive officer of Siemens, which in March began offering cloud services using a network managed by German software powerhouse SAP.

In a case being closely watched in Germany, the U.S. Department of Justice has demanded that Microsoft hand over e-mails stored on a data server in Ireland. The software maker argues that the U.S. has no jurisdiction there; the U.S. government says it does, because Microsoft is an American company. …

U.S. companies aren’t ceding the market. Microsoft will offer its Azure public cloud infrastructure in German data centers, with T-Systems acting as a trustee of customer data. The companies say the arrangement will keep information away from non-German authorities. And IBM in December opened a research and sales hub for Watson, its cloud-based cognitive computing platform, in Munich—a move intended to reassure Mittelstand buyers about the security of their data. “If a customer wants data never to leave Bavaria, then it won’t,” says Harriet Green, IBM’s general manager for Watson. “I’m being invited in by many, many customers in Germany, because fear about security is very, very real.”

Excerpts from Building a National Fortress in the Cloud, Bloomberg, May 19, 2016