Today at a glance.
- Spyware as a threat to privacy.
- Facebook promises enhanced user privacy.
- LifeLabs data breach may affect most residents of British Columbia.
When lawful intercept technology gets lawless.
The Washington Posts takes the occasion of its owner, Jeff Bezos, whose phone may have been compromised by spyware, to offer background that might be useful to anyone interested in understanding this particular threat. "Spyware" is of course not what those who develop this class of tools calls it--"lawful intercept tool" is one of the industry terms of art for it. And indeed there are legitimate law enforcement and intelligence uses of this kind of software, provided it's used responsibly, with proper authority, and with effective oversight to avoid abuse. It would be analogous to such police tools as wiretapping equipment. In the US, for example, a judicial warrant is normally required before an agency can deploy spyware.
Concerns arise when spyware is provided to authoritarian or ineffectually lawless regimes. It's still unclear what did or did not happen to Mr. Bezos's phone, but the lessons the Post offers surely amount to good advice: keep your system properly updated, and beware of unusual messages that are commonly used as spyware vectors.
Lawsuit provisionally settled, Facebook promises to do better with privacy.
Facebook has promised privacy upgrades after settling an Illinois class action lawsuit over the social network's collection of biometric data without permission, the New York Times reports. Founder and CEO Mark Zuckerberg said the company intended to "set a new standard for our industry, going beyond anything that's required by law today." Chief Operating Officer Sheryl Sandberg said the company's position was that they "want everyone to be in control of their privacy on Facebook." The amount of the settlement was $550 million.
The settlement, whose final approval will be up to the court, did not require an admission of wrongdoing from Facebook. The state law the plaintiffs invoked was the Biometric Information Privacy Act. As the Wall Street Journal described the settlement, the principal issues were nonconsensual collection of biometric data, and whether such workarounds as using templates for image tagging would be deemed acceptable under the law. The method by which Facebook obtained consent--an opt-out system--didn't pass muster: clear, unambiguous, fully informed, opt-in consent would seem to be a must, at least if you're doing business in Illinois.
Something most residents of British Columbia can now say they have in common.
The Office of the Information and Privacy Commissioner for British Columbia said Friday that 4.7 million residents of the Canadian province may have been affected in the LifeLabs data breach. Since, as Castanet points out, Statistics Canada says that the province has 5.071 million residents, that means that almost all of them ere affected.