The New York Times has an account of the pervasive system of surveillance the Chinese government has deployed domestically. It amounts to a nationwide panopticon.
Another New York Times piece is a study of the ready availability of location data, and it suggests that panopticons may also be spontaneously organized. It obtained great quantities of smartphone location data from the large number of companies that collect such data as part of their business. The geolocations are reported to the companies by apps consumers install on their mobile devices. The Times points out that no US Government agency collects such data on anything remotely approaching the scale of what the private sector as a whole obtains, and that the US has, in a decentralized and unwitting fashion, built a surveillance regime "app by app" that would be the envy of many an authoritarian government. The companies, which collect the data for a variety of purposes (mostly related to marketing) do so, they point out, with the consent of the users. They also maintain that the data are both anonymized and securely handled. The Times finds reason to dispute all three claims. The first because consent can easily be seen as attenuated at best when it's given in the context of long, complex set of terms and conditions, the second because data can be correlated in ways that overcome anonymization, and the third because the companies themselves struggle with data security.
The LifeLabs data breach continues to worry Canadians whose personal information was compromised in the incident. The Conversation notes that some fifteen-million customers of the medical lab remain at risk of their data having been exposed. Indeed, as Ride the Lightning points out, with ransomware shakedowns increasingly stealing data before they encrypt it, the better to extort payment from the victims, it's now prudent to regard every ransomware attack as also representing a data breach. Enterprises should act accordingly.
Pen Test Partners shared with TechCrunch the results of a study into the security of the smart watch trackers parents often use to keep tabs on their children. It appears those children can be tracked by third parties, too, and that the weakness lies in the cloud.
On Monday we noted that the European Court of Justice was expected to issue its decision on the successor to Privacy Shield today. Computing reports that the decision generally upheld the use of standard contractual clauses to regulate data transfer from Europe to the US.