At a glance.
- Mobile carriers face fines for mishandling user location data.
- San Diego children's hospital suffers data breach.
- A Clearview AI breach of customer information hints at the scope of what the company collected.
- Your Tesla seems to know an awful lot about you.
The FCC may fine four big mobile carriers over geolocation data handling.
Reuters says that the US Federal Communications Commission (the FCC) is preparing to fine four major mobile carriers--AT&T, Verizon, Sprint, and T-Mobile US--a total of $200 million for improperly disclosing realtime consumer location data. The FCC's investigation began in May 2018, when the Commission responded to reports that a flawed website could expose mobile phone users' geolocation data. That inquiry subsequently expanded to cover other ways in which third-parties were using customer location data. Mobile carriers agreed in January 2019 to stop providing realtime customer location data to various third-party data middlemen, calling an effective halt to data aggregation services that had, as the Wall Street Journal reported at the time, proven too prone to abusing user privacy.
The Wall Street Journal, which broke the story about the anticipated fines, says that a number of prominent privacy advocates think the FCC did too little, and did it too late as well. The FCC is expected to announce the fines officially sometime this afternoon. The Commission will apparently not offer the companies a settlement, which observers suggest will induce the carriers to fight the judgement.
Rady Children's Hospital discloses a breach of patient data.
A San Diego, California, hospital, Rady Children's, sustained a data breach between June 20, 2019 and January 3rd of this year in which information about up to 2360 patients of its Radiology Department was compromised. NBC San Diego says that, while the breach occurred last June, the hospital only became aware of it at the beginning of last month. The hospital, which has notified the affected patients and their parents or guardians, says that the type and date of imaging studies were compromised, and that patient names and genders accompanied that information. "In some cases, dates of birth, medical record numbers, the parent or guardians' names, descriptions of the imaging study and the names of the referring physician were also accessed." No diagnoses, financial information, or actual images were compromised.
A large number of public- and private-sector organizations apparently searched Clearview AI's data.
A BuzzFeed look into details of the Clearview AI breach concludes that the company's ambitions to create an international facial recognition database that would be shared among both public and private organizations had proceeded surprisingly far. The data exposed indicates that 2,228 organizations which BuzzFeed characterizes as "law enforcement agencies, companies, and institutions" had Clearrview accounts, and that together they performed about half-a-million searches. Many of the users are law enforcement agencies, both US Federal organizations and local police departments. The list of private sector organizations said to have searched Clearview's data include Macy's, Kohl’s, Walmart, Wells Fargo, Bank of America, Madison Square Garden, Eventbrite, Las Vegas Sands, Pechanga Resort Casino, the National Basketball Association, Equinox, and Coinbase. The customer list also includes two US high schools and forty-eight universities. Several of the companies, like Bank of America, who showed up as having searched the open-source database say they're not customers.
What the Tesla owner learned after his car was clipped in a parking lot.
A Washington Post columnist who drives a Tesla had the unfortunate experience of his ride's getting sideswiped by a hit-and-run driver in a parking lot. He had the car in what Tesla calls "Sentry Mode," and that sentry was on the qui vive: it saved four videos from different angles of the vehicle (a bus) that hit the car, caught the bus's number, and got a good picture of the driver's face. The columnist liked it that the car was looking out for its owner, but he also found the experience kind of creepy. The headline writers sum it up: "The car is becoming a sentry, a chaperone, and a snitch."