In this week’s update, we start and end on TikTok, but the bookends could not be more different. We have one of the most important updates on how you can protect your family and friends from the latest AI scam that's already gone global. Then we dance between more revelations from who’s viewing who, to one presenter who lost more than her TikTok audience. There’s a brazen story covering one law firm's efforts to stop Google from hoovering up every piece of our data and presumably make some decent money in the process. We’ve got a new flow across the Atlantic and a brave soul who is duty-bound to put a stop to it. Finally, we have the latest compromise, this one occurring during your Amazon package delivery. It’s fresh as a kiss, it’s fun, it’s the IT Privacy and Security Weekly Update!

AU: TikTok Executive Admits Australian Users' Data Accessed By Employees In China
Source: The Guardian

Australian user data is accessible to TikTok employees based in China on a "very strict basis," the company's head of data security, Will Farrell, has said. In their first public appearance before Australian members of parliament, since the government joined Canada, the US, and the UK in banning TikTok from government-owned devices amid concerns about the company's connections to China, TikTok executives were questioned at length by a parliamentary committee examining foreign interference on social media.

Liberal senator and chair of the committee James Paterson, who has led the opposition's push against the app, questioned how many times Australian user data had been accessed by TikTok staff based within China. Farrell could not provide the number immediately but admitted it did happen.
Farrell said there were "a number of protections in place", including that employees only get the minimum amount of access to data to do their job, and when they access that data they need to provide a business justification that needs to be approved by their manager and the database owner within TikTok. If the data is being accessed across a national border, it has to be approved by the global security team based in the US, which also monitors all data access. "Employees can't get access without a clear justification and levels of approval," Farrell said. A similar security review would apply if an employee based in China tried to change the recommendations algorithm, he said.

The company's local head of public policy, Ella Woods-Joyce, said China's 2017 national security law -- which requires companies to give the government any personal data relevant to national security -- would apply to any company that had operations and staff in China. When asked on what ground TikTok would refuse to comply with the law, Woods-Joyce said TikTok had never been asked for personal data by the Chinese government and would refuse if asked.

It was revealed in December that employees had used the app to attempt to identify the source of a leak to journalists. Hunter told the committee that he stood by the sentiments expressed in his original article, and blamed "rogue employees" who had since been fired from the company for accessing the data. He said "serious misconduct from these rogue employees" had taken place. He said GPS location information was not collected in Australia.

So what's the upshot for you? This is a reaffirmation of the detail we already knew about the PRC and China-based companies.

US: Google Hit With Lawsuit Alleging It Stole Data From Millions of Users To Train Its AI Tools
Source: CNN

CNN reports on a wide-ranging class action lawsuit claiming Google scraped and misused data to train its AI systems.
This goes to the heart of what can be done with information that is available over the internet. The complaint alleges that Google "has been secretly stealing everything ever created and shared on the internet by hundreds of millions of Americans" and using this data to train its AI products, such as its chatbot Bard. The complaint also claims Google has taken "virtually the entirety of our digital footprint," including "creative and copywritten works" to build its AI products.

The complaint points to a recent update to Google's privacy policy that explicitly states the company may use publicly accessible information to train its AI models and tools such as Bard. In response to an earlier Verge report on the update, the company said its policy "has long been transparent that Google uses publicly available information from the open web to train language models for services like Google Translate. This latest update simply clarifies that newer services like Bard are also included."

The suit is seeking injunctive relief in the form of a temporary freeze on commercial access to and commercial development of Google's generative AI tools like Bard. It is also seeking unspecified damages and payments as financial compensation to people whose data was allegedly misappropriated by Google. The firm says it has lined up eight plaintiffs, including a minor.

So what's the upshot for you? "Google needs to understand that 'publicly available' has never meant free to use for any purpose," Tim Giordano, one of the attorneys at Clarkson bringing the suit against Google, told CNN in an interview. "Our personal information and our data is our property, and it's valuable, and nobody has the right to just take it and use it for any purpose."
EU/US: EU and US reach a deal to let data flow across the Atlantic
Source: Politico

The European Union has given its approval for a new agreement enabling unrestricted data transfers between the EU and the United States, potentially resolving a three-year legal uncertainty for tech giants like Facebook and Google. The European Commission has officially recognized the United States as a nation offering adequate protection for the personal data of European citizens. This recognition comes under the General Data Protection Regulation (GDPR), a significant privacy law. The agreement, called the EU-U.S. Data Privacy Framework, paves the way for profitable transatlantic data exchanges.

The previous data agreement between the governments, known as Privacy Shield, was invalidated by the EU's top court in 2020 due to concerns regarding the extensive surveillance capabilities of U.S. intelligence agencies. This decision carries significant implications as transatlantic data flows support an estimated $7.1 trillion in economic activities, with numerous companies conducting business on both sides of the Atlantic.

So what's the upshot for you? The agreement, however, doesn’t necessarily end the longtime drama. Max Schrems, the privacy activist who filed lawsuits that led to the downing of the two previous data pacts, said the new deal didn’t give Europeans adequate protections, even with the changes in U.S. data policy. “We would need changes in U.S. surveillance law to make this work — and we simply don't have it,”

Global: AI Voice Scams Alert
Sources: TechXplore, CNN

Scams Targeting Individuals: We have encountered multiple cases of AI voice scams in recent weeks, affecting at least three individuals. We are hearing more about people who have been targeted by scams using AI fakes of family member voices over the last few weeks.
- Raise Awareness: Although you may not be susceptible to such scams, it is crucial to inform your family and friends about this emerging trend to prevent them from becoming victims.
- Encourage your loved ones to develop a unique code word or phrase that can be used to verify their identity. Examples include the nickname for the family dog, a pet name that the mother uses, or a secret spy word (to engage the kids in the process).

Siobhan Johnson, a special agent and FBI spokesperson, shared some tips on how to avoid getting scammed:
Global: Footage From Amazon's In-Van Surveillance Cameras Is Leaking Online
Sources: Vice, Reddit, Reddit

Amazon delivery drivers have been subject to surveillance through in-van cameras, and recently, numerous videos from these cameras have been posted on Reddit, specifically on the r/AmazonDSPDrivers subreddit. The videos depict various incidents captured by the AI-powered cameras, highlighting the monitoring and tracking of drivers' movements during their routes. The desk setup shown in one video suggests it belongs to a small-business contractor working as an Amazon delivery service partner (DSP) within an Amazon warehouse.

Previously, Amazon justified the use of these cameras as a safety measure, dismissing concerns about privacy intrusion. However, the recently posted videos indicate that access to the camera feeds is being misused.

So what's the upshot for you? The drivers themselves do not have access to these videos; only Amazon, Netradyne (the camera technology provider), and the relevant DSPs have access to the footage. Questions remain about the sudden surge in publicly shared videos, particularly on Reddit.

US: Ohio Plastic Surgeon Loses Medical License After TikTok Livestreams
Source: AP News

An Ohio plastic surgeon lost her medical license after the state medical board investigated her for live-streaming operations on TikTok and surgical complications reported by patients. The State Medical Board of Ohio voted at a hearing on Wednesday to permanently revoke Dr. Katharine Roxanne Grawe's medical license and to fine her $4,500 "based on her failure to meet a standard of care."

At the hearing, doctors on the board said that Dr. Grawe, known online as "Dr. Roxy," had previously been cautioned about protecting patient privacy on social media. They also spoke about her treatment of three unnamed patients who had reported complications from procedures, including one whose surgery Dr. Grawe had broadcast a part of on social media.

Dr. Jonathan B. Feibel, vice president of the medical board, recommended that Dr. Grawe's license be revoked because of the "life altering, reckless treatment" provided to those patients. "These outcomes were not normal complications like those that exist in the routine practice of medicine, but were rather caused by recklessness and disregard for the rules governing the practice of medicine in Ohio," he said.

So what's the upshot for you? ...because that's what you want, right? Your surgical procedure being live-streamed on TikTok. This is so wrong in so many ways.

And our quote of the week - “Every CEO of a social network should be required to use the default privacy settings for all of their accounts on the service.” – Anil Dash (American technology executive, entrepreneur, Prince scholar, and writer. He is the Head of Glitch and VP of Developer Experience at Fastly.)

That’s it for this week. Stay safe, stay secure, watch those lips, and see you in Se7en!
Nick C.
7/18/2023 07:07:59 pm
We love this update. We have followed it for years and there is always some great piece of information we can use. Great work!