At a glance.
- Privacy issues surface with some tracing apps in the US.
- Estonia moves toward immunity passports.
- Indonesian election database leaked.
- GDPR comes for grandma.
- Walking the electronic beat with Nextdoor.
Privacy issues surface with some tracing apps in the US.
The US Federal Government hasn't undertaken development of a national contact-tracing app, but some of the states have. North and South Dakota have deployed Care19, an app that collects geolocation data under conditions that require opt-in, anonymization, and no sharing with third-parties. But researchers at privacy-specialist shop Jumbo Privacy have looked at Care 19 and report, as the Washington Post reports, that "one of the first contact-tracing apps violates its own privacy policy." In particular Jumbo says that Care19 shares location data with Foursquare, best known for its offerings in support of advertisers, and also that the app's data aren't really as anonymous as one might think: they include devices' Advertising Identifiers." Jumbo recommends that users not install the app until Care19's privacy policy is updated for accuracy, and until the app can assure users that their data won't be shared with third parties.
There are other state-level projects under development. The Telegraph reports that British tech company Wejo has contracted with eight states to develop a system for tracking the movements of connected cars, the better to help the states ensure that people are following stay-at-home orders, going out only for essentials like groceries, and not simply gallivanting around like a bunch of Sunday drivers. Comments on the story generally evince a negative reaction to this kind of tracking, as well as some expression of relief that, thank heaven, the commenter drives a primitive rattletrap without newfangled Internet gizmos.
Estonia moves toward immunity passports.
Estonia is preparing a digital immunity passport, a QR code people can display on their smartphones that will inform shopkeepers, gatekeepers, barkeeps and so on that the bearer has been tested for COVID-19. The Telegraph quotes Taavet Hinrikus of Back to Work, a non-governmental organisation that's developing the passport: “Digital immunity passport aims to diminish fears and stimulate societies all over the globe to move on with their lives amidst the pandemic.” The Telegraph's report is ambiguous, saying only that the passport displays test results, but Reuters goes farther, and reports that the intention is to show, specifically, immunity status. There may be some front-running going on here: it's not clear that there's yet a sound understanding of COVID-19 immunity and its relationship to the spread of the virus. There are also questions about how, and how well, private health data are to be secured.
Indonesian election database leaked.
Indonesia's General Election Commission is investigating the release of voters' private information on a hacker website. Reuters says that 2.3 million people's data have so far been released, but that those claiming responsibility are threatening to expose data on 200 million Indonesians. Authorities confirmed that the data were authentic, and that they included such items as home addresses and national identification numbers. The source of the leak is unknown, but the General Election Commission said that it didn't happen in the Commission's own servers. They suggest that it may have come from presidential candidates or political parties, with whom the Commission is obligated by law to share such data.
GDPR comes for grandma.
The BBC reports that a Netherlands court has ruled in favor of a woman whose mother refused to take down photos of the plaintiff's children (the defendant's grandchildren) the defendant had posted to Facebook and Pinterest. The matter falls under the GDPR. While "purely personal" and "household" processing of data do not fall within the scope of the European privacy regulation, social media posts do, because they amount to a form of publication. "With Facebook, it cannot be ruled out that placed photos may be distributed and may end up in the hands of third parties," the court said. The grandmother was ordered to remove the photos. If she doesn't, she'll be hit with a €50 fine for every day she fails to do so, up to a maximum of €1,000. If she does it again, that will be another €50 a day. (Relationships can be so complicated, especially when there are pictures in the picture.)
Walking the electronic beat with Nextdoor.
City Lab is running a critical piece about the ways in which Nextdoor (the "hyperlocal" online community) is becoming incorporated into neighborhood watch programs. Privacy advocates are concerned, seeing too much opportunity for people to indulge in discriminatory, invasive, and other malign activity, and too much risk that such behavior will find its way into community policing. Physical neighborhood watch programs have attracted some criticism, but not much. The concerns may amount to little more than worries the simple novelty of involving Nextdoor may arouse. But there may be something disturbing in the well-known disinhibition the online world seems to induce, and the ease with which what would otherwise be a nasty little private preoccupation can scale and affect the lives of innocent others.
It's long been said that on the Internet, no one knows you're a dog. It might be added that no one knows you're a Karen, a meddler, a poorly informed social critic, etc. Theophrastus knew what he was talking about more than two millennia ago when he wrote that the busybody displayed a lot of kind-hearted affectation, but not much effective help. We hope the police on the beat are smart enough to know the difference. "I'm sure I meant well," is the typical post-meddling justification. Report real crime and real danger, sure, but otherwise live and let live.