Search Results for “Natasha Lomas”


April 29, 2020
Natasha Lomas / TechCrunch

Natasha Lomas / TechCrunch  
Nearly 180 UK Computer Security and Privacy Academics Warn of ‘Mission Creep’ Surveillance in Country’s Pursuit of Centralized Coronavirus Contacts Tracing App

A letter signed by 177 UK computer security and privacy academics raises transparency and mission creep concerns about their country’s national approach to developing a coronavirus contact tracing app. In directing their attention to NHSX, the digital arm of the National Health Service which has been working on building digital contacts tracing app since early March, the academics say “We urge that the health benefits of a digital solution be analysed in depth by specialists from all relevant academic disciplines, and sufficiently proven to be of value to justify the dangers involved.” They are specifically concerned about the centralized approach the government is taking in developing a tracing app, saying this approach “would enable (via mission creep) a form of surveillance.”

June 2, 2020
Natasha Lomas / TechCrunch

Natasha Lomas / TechCrunch  
Native Advertising App TVSmiles Exposed Millions of Users’ Data via Unsecured Amazon S3 Bucket

Berlin-based mobile native advertising app TVSmiles, whose users earn digital currency by completing quizzes, apps, and videos, has suffered a data breach according to researchers at UpGuard, who found an unsecured Amazon S3 bucket online last month containing personal and device data tied to millions of the app’s users. The bucket contained a 306 GB PostgreSQL database backup with “unencrypted personally identifiable information matched to individual users, profiling insights about users’ interests based on quiz responses, associations to smart devices, and accounts and login details for TVSmiles’ business relationships.” TVSmiles immediately secured the database after UpGuard reported it on May 13.

April 2, 2020
Natasha Lomas / TechCrunch

Natasha Lomas / TechCrunch  
Pan-European Privacy-Preserving Proximity Tracing Aims to Conduct COVID-19 Contacts Tracing in a Way That Thwarts State Surveillance

A European coalition of technologists and scientists from at least eight countries led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI) has unveiled contacts-tracing proximity technology for COVID-19 called Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) that’s designed to comply with the region’s strict privacy rules. The project is a response to the coronavirus pandemic generating a massive spike in demand for citizens’ data that’s intended to offer not just another app but instead offers what the scientists call “a fully privacy-preserving approach” to COVID-19 contacts tracing. The idea is to use smartphone technology to help disrupt the next wave of infections by notifying individuals who have come into close contact with an infected person but to do so in a manner that can’t be exploited by state surveillance authorities using anonymous IDs and encryption.

June 12, 2019
Natasha Lomas / TechCrunch

Natasha Lomas / TechCrunch  
Football Division La Liga Fined $280,000 by Spain’s Data Protection Watchdog for Using Microphones, GPS of Fans’ Phones to Record Their Surroundings

Spanish football’s premier league division, La Liga, has been ordered by Spain’s data protection watchdog, the AEPD, to pay a €250,000 (around $280,000) fine for privacy violations of Europe’s General Data Protection Regulation (GDPR) related to its official app. The fine stems from the finding that La Liga was using the microphone and GPS of fans’ phones to record their surroundings in an effort to identify bars which are unofficially streaming games instead of paying for broadcasting rights. The app was ostensibly designed to allow users to receive minute-by-minute commentary of football matches. AEPD concluded that La Liga failed to be adequately clear about how the app recorded audio, violating Article 5.1 of the GDPR, which requires that personal data be processed lawfully, fairly and in a transparent manner.

May 22, 2019
Natasha Lomas / TechCrunch

Natasha Lomas / TechCrunch  
Transport London Will Start Tracking Wi-Fi Devices in July on the London Underground, Commuters Who Don’t Want to Be Tracked Will Be Forced to Turn Off Wi-Fi or Their Phones or Place Devices in Airplane Mode

The integrated body responsible for London’s transport system, Transport London (TfL), will roll out default Wi-Fi device tracking on the London Underground this summer, following a trial in 2016. TfL says that “secure, privacy-protected data collection will begin on July 8.” TfL will also offer alerts and says it could incorporate crowding data into its free open-data API to allow app developers, academics and businesses to expand the utility of the data by using it in their own products and services. Commuters using the Underground who do not wish to be tracked will have to turn off their Wi-Fi or phones or put their devices in airplane mode when using the transport. It’s not clear if TfL will encrypt the location data gathered from devices that authenticate to use the free Wi-Fi at the 260 or Wi-Fi-enabled London Underground stations. However, a genuine MAC address will be collected for each device, which TfL says will be depersonalized (pseudonymized) and encrypted to prevent the identification of the original MAC address and associated device. TfL contends it will not collect any other data from the devices.

June 29, 2019
Natasha Lomas / TechCrunch

Natasha Lomas / TechCrunch  
Italy’s Data Protection Watchdog Issues $1.1 Million Fine Against Facebook for Violating Over 200,000 Italian Users’ Privacy in Cambridge Analytica Scandal

Italy’s data protection authority (DPA) has issued Facebook with a €1 million (around $1.1 million) fine for violations of local privacy law attached to the Cambridge Analytica data misuse scandal, the largest fine issued thus far in that case. The watchdog said that says 57 Italian Facebook users downloaded Dr. Aleksandr Kogan‘s Thisisyourdigitallife quiz app, the vehicle used to siphon data without users’ permission, with an additional 214,077 Italian users’ also having their personal information processed without their consent because they were friends of those users. The Italian DPA’s fine follows a previous £500,000 (around $635,000) sanction by the British privacy watchdog, which also found that the tech giant had not sufficiently protected users’ online data.

February 19, 2020
Natasha Lomas / TechCrunch

Natasha Lomas / TechCrunch  
EU Unveils Proposals to Find European Solutions to Risks Around AI, Data Governance, Goal Is to Check the Power of U.S. Tech Giants

The European Commission unveiled proposals called “Europe Fit for the Digital Age” to exploit Europe’s vast trove of industrial data and set rules to govern artificial intelligence and to find European solutions that check the power of U.S. tech giants such as Facebook, Google, and Amazon. The proposals offer rules for “high risk” AI systems such as in health, policing, or transport, requiring such systems are “transparent, traceable and guarantee human oversight. The proposals also spell out a regulatory framework covering data governance, access and reuse between businesses, between businesses and government, and within administrations to create incentives for data sharing. The next step is for the Commission to take public consultation on these proposals.

Related: TechUK.org, Euractiv, RTE.ieVerdict, Reuters, WCCFtech, Silicon Republic, AP Breaking News, The Register, Europa.eu, Europa.eu, Fortune, POLITICO EU

Tweets:@fs0c131y @EU_Commission


February 4, 2020
Natasha Lomas / TechCrunch

Natasha Lomas / TechCrunch  
Google’s Lead Regulator in Europe Launches Formal Probe into Company’s Processing of Location Data

Google’s lead data regulator in Europe, the Irish Data Protection Commission (DPC), announced a formal investigation into the tech giant’s processing of location data, more than a year after receiving a series of complaints from consumer rights groups across Europe. In a statement, the DPC said it “has commenced an own-volition Statutory Inquiry, with respect to Google Ireland Limited, pursuant to Section 110 of the Data Protection 2018 and in accordance with the co-operation mechanism outlined under Article 60 of the GDPR. The Inquiry will set out to establish whether Google has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency.” Google said it would cooperate fully with the office of the Data Protection Commission in its Inquiry.

November 14, 2019
Ingrid Lunden, Natasha Lomas / TechCrunch

Ingrid Lunden, Natasha Lomas / TechCrunch  
Encrypted Messaging Service Wire Reveals Stealth Holding Company Move to U.S. Following $8.2 Million Venture Round, Raises Concerns Among Some Privacy Advocates

Enterprise-focused end-to-end encrypted messaging app and service Wire, which advertises itself as “the most secure collaboration platform,” quietly raised $8.2 million in venture funds from Morpheus Capital in February and moved its holding company in the same month to the US from Luxembourg. The low-key move of the holding company to the U.S. has raised concerns among privacy advocates, although Wire says that customers are licensed and serviced from Wire Switzerland; the software development team is in Berlin, Germany; and hosting remains in Europe. These operations are governed by the EU’s strict GDPR privacy regimes, Wire says. In a blog post, Wire says all of its source code is available for review on GitHub, and it outlined the nature of its end-to-end encryption practices. Wire is also planning to introduce a freemium tier to its existing consumer service, which has half a million users while working on a larger round of funding to fuel more growth of its enterprise business.

Related: Wire

Tweets:@brokep @snowden @snowden @IngridLunden


August 15, 2019
Natasha Lomas / TechCrunch

Natasha Lomas / TechCrunch  
WebKit Publishes New Tracking Prevention Policy That Cracks Down on Malicious Web Tracking Practices, Clamps Down on Those Who Violate It

WebKit, the open-source engine that underpins Internet browsers including Apple’s Safari browser, published its new tracking prevention policy, that spells out the web tracking practices that WebKit believes, as a matter of policy, should be prevented by default by web browsers because they infringe on a user’s privacy without giving users the ability to identify, understand, consent to, or control them. Technologies such as tracking pixels, browser and device fingerprinting and navigational tracking, among others, are deployed by an unregulated digital adtech industry and can be used to violate users’ privacy as well as serve as vehicles for injecting malware. WebKit also said it’s going to treat attempts to circumvent its policy as akin to malicious hack attacks to be responded to in kind; i.e. with privacy patches and fresh technical measures to prevent tracking.