At a glance.
- COVID-19 epidemiological data collection prompts privacy concerns.
- Potential exposure of PII at US Small Business Administration.
- Thousands of Android apps collect device information without permission.
- Privacy in Zoom.
Epidemiological data and the individual's permanent record.
The Intercept collects opinion from privacy advocates concerning the effects of COVID-19 tracking on individual privacy. Their consensus is that the key to limiting damage to privacy lies in restricting the collection, structure, and use of such data to public health organizations only.
Some emergency loan applicants' personal data may have been exposed by the US Small Business Administration.
CyberScoop reports that the US Small Business Administration warned Saturday that “Personal identifiable information of a limited number of Economic Injury Disaster Loan applicants was potentially exposed to other applicants on the loan application site.” The Small Business Administration says the unspecified problem has been contained and fixed, and its COVID-19 information and assistance site is back up and functioning. The agency says it's notifying the individuals affected and offering them free credit monitoring.
Android apps found unpleasantly intrusive.
Researchers at the University of L’Aquila in Italy, Vrije University in Amsterdam, and ETH in Zurich have published research into apps on Google Play, where more than four thousand apps collect information about other installed applications, and do so without user permission. A follow-on study by the same team showed that such information can be reliably used to develop profiles of the affected users: gender, for example, seems relatively easy to infer. The motivation appears to be monetization through marketing utility as opposed, say, to identity theft. Intelligence services call this sort of profile a "target package." Marketeers think of it as the kind of dossier that can address users' wants, needs, interests, and commitments with rifleshot accuracy. WIRED has a useful summary of the research.
Zoom routed calls through China (by mistake).
The teleconferencing service, which has had some hard good fortune as demand surged during a general period of remote work, acknowledged at the end of last week that messages from users outside of China were mistakenly “allowed to connect to systems in China, where they should not have been able to connect.” The company's statements, reported by Yahoo News, came in response to a critical report by the University of Toronto's Citizen Lab. Zoom's CEO explained, “In February, Zoom rapidly added capacity to our Chinese region to handle a massive increase in demand. In our haste, we mistakenly added our two Chinese datacenters to a lengthy whitelist of backup bridges, potentially enabling non-Chinese clients to connect to them.”
Zoom's privacy practices are beginning to draw some unfriendly scrutiny from the US Congress. Nineteen members of the House of Representatives sent the company a letter Friday in which they requested answers to nineteen specific questions.