At a glance.
- New issues surface in Israeli police surveillance scandal.
- IRS calls a halt to its facial recognition plans.
- Regulatory headwinds are prevailing winds.
New revelations in the Israeli police surveillance scandal.
A new report from the Calcalist, the media outlet that originally blew the whistle on allegations that the Israeli police used NSO Group’s controversial Pegasus surveillance software to spy on Israeli citizens, has added to the growing list of alleged victims, saying the spyware was found on the devices of politicians, government ministry director generals, businessmen, protest leaders, mayors, and reporters. CNN notes that while the previous allegations focused on the fact that police were using the spyware without proper authorization, the new claims highlight just how widespread the surveillance was, targeting people who were under no suspicion of any criminal activity.
Within hours of the report, Israel's Public Security Minister Omer Bar Lev announced he’s calling for the establishment of a government commission of inquiry "to investigate in depth the violation of civil rights and their privacy in the years in question." Prime Minister Naftali Bennett responded, “This tool and similar tools, are important tools in the fight against terrorism and severe crime, but they were not intended to be used in phishing campaigns targeting the Israeli public or officials -- which is why we need to understand exactly what happened." Israel Police Commissioner Kobi Shabtai is pushing for an external and independent judicial review committee to investigate the allegations "in order to restore the public's trust in Israel Police on the one hand and to regulate the use of technologies in Israel Police on the other." Ayelet Shaked, who served as Justice Minister between 2015 and 2019, told the Times of Israel she had no knowledge the police were using the spyware during her tenure. “It is unthinkable in a democracy, we will amend the wiretapping law.”
Reuters reports that the alleged targets included several individuals tied to former Prime Minister Benjamin Netanyahu, who is currently on trial for corruption charges. The court has postponed the proceedings of the trial, dubbed Case 4000, while they await more information from the prosecution about the hacking accusations. Haaretz discusses Netanyahu’s role in Pegasus’s rise to popularity. During his time as Prime Minister, he greased the wheels for Pegasus purchase deals in the Persian Gulf and to further diplomacy, all while he was supposedly unaware that his country’s police force was using the spyware to target Israeli citizens, and possibly to gather intel against him.
IRS halts facial-recognition system plans.
After facing bipartisan criticism regarding privacy concerns, the US Internal Revenue Service (IRS) is backtracking on its plans to use a private facial-recognition system to authenticate taxpayers’ identities for access to online accounts, the Wall Street Journal reports. IRS Commissioner Charles Rettig stated, “Everyone should feel comfortable with how their personal information is secured, and we are quickly pursuing short-term options that do not involve facial recognition.” A company called ID.me had already begun providing the identity-verification system for people to establish online accounts through the IRS website, and the IRS had announced plans to require the facial-recognition system for all online accounts this summer. In a letter to Rettig last week, a group of Senate Republicans stated the system was a threat to privacy and cybersecurity, explaining, “The IRS has unilaterally decided to allow an outside contractor to stand as the gatekeeper between citizens and necessary government services. And yesterday a group of Democrat lawmakers issued a news release urging the IRS to halt the plans. “Any government agency operating a face recognition technology system – or contracting with a third party – creates potential risks of privacy violations and abuse,” they wrote. “We urge the IRS to halt this plan and consult with a wide variety of stakeholders before deciding on an alternative.” Many privacy experts have expressed concerns about the inherent security risks of using biometric technology for authentication. As Jeramie D. Scott, senior counsel with the Electronic Privacy Information Center, told the Washington Post,“Facial recognition technology is based on your face and that’s something you can’t change easily. Once you lose control of it, it’s extremely hard, if not impossible, to regain control of your identity.”
Lecio DePaula Jr., VP of Data Protection, at KnowBe4, sees the now-suspended plans as a privacy misstep:
“Requiring American citizens to submit a government issued ID as well as a video to verify to the IRS portal is extremely privacy intrusive as that data would then be stored and processed by the third party contractor -- which may be using data for a variety of other purposes (potentially sharing to law enforcement). This is one of those cases where the ends do not justify the means. The portal can be just as secure by leveraging strong password requirements as well as two-factor authentication for the end users, which is a much more inexpensive, less intrusive and unbiased way to secure the portal without needing to leverage a third party. I hope the portal begins to head in the right direction because once one government agency adopts a standard, others begin to follow. If the United States had a robust privacy law which protected the biometric information of individuals, that would be a different situation. However, without any protection for the data of American citizens, adopting this technology at this scale would be privacy malpractice.”
Tim Erlin, VP of Strategy, at Tripwire, and sees the cancelled plans as ill-conceived and unnecessarily inflammatory:
“Facial recognition technology is polarizing in general, and for many the concept of the government trusting a third-party to manage such personal data is unacceptable. For many others, the concept of the government itself having facial recognition data is equally unacceptable
"It’s clear that there are a number of potential and unresolved issues with the selected vendor. While the immediate emphasis is on stopping the process from moving forward, time should be spent on how a vendor was selected with all these apparent issues.”
Windy weather forecast for adtech regulations.
Meta, the tech giant formerly known as Facebook, has described future obstacles as “regulatory headwinds”, and TechCrunch offers their take on just what this vague term means. The company has long been using questionable policies to track user activity and turn user data into ad dollars, and it seems Meta is aware that the regulatory gray areas from which they’ve been benefitting might soon become more black and white. Just last week, Interactive Advertising Bureau Europe was given two months to revamp Europe’s flagship ad industry tool, the Transparency and Consent Framework (TCF), which was found to be barraging users with targeted ads without proper consent. This is just one indication of the quickly changing tide of industry privacy regulations that have let companies like Meta and Alphabet/Google get away with simply informing users of ad tracking without actually asking them for permission. As this digital advertising comprises 98% of Meta’s revenue and 81% of Alphabet’s, these policies work in their favor, but the changing winds of regulation and transparency might bring an end to the tell-don’t-ask era of adtech.