FaceApp and Facebook: Under the Magnifying Glass

FaceApp and Facebook: Under the Magnifying Glass

FaceApp is Under Heavy Scrutiny After Making a Comeback

The U.S. government has aired its concerns regarding privacy risks with the new trending face-editing photo app, FaceApp. With the 2020 Presidential Elections campaigns underway, the FBI and Federal Trade Commission are conducting a national security and privacy investigation into the app.

Written in the fine print, the app’s terms of use and privacy policies are rather shocking, according to Information security expert Nick Tella. It states that as a user, you “grant FaceApp a perpetual, irrevocable, non-exclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you”. 

Social media experts and journalists don’t deny that if users are downloading the app, they are willingly handing over their data because of the above terms of use. However, government bodies and other institutions are aiming to make regulations stronger and ensure data protection is effectively enforced. 

On the other side, FaceApp has denied any accusations of data selling or misuse of user data. In a statement cited by TechCrunch, the company stated that “99% of users don’t log in; therefore, we don’t have access to any data that could identify a person”. Additionally, they made claims assuring the public that they delete ‘most images’ from their services within 48 hours of the image upload time. Furthermore, they added that their research and development team is their only team based in Russia and that their servers are in the U.S.

With everything going on in the world around privacy and user data misuse, we must ask ourselves; should we think twice before trusting apps like FaceApp? 

Facebook to Pay $5 USD Billion in Fines

On Friday, July 12th, the FTC and Facebook finalized a settlement to resolve the Cambridge Analytica data misuse from last year, for a fine of $5 billion U.S. dollars. Unfortunately, concerns still arise over whether or not Facebook will even change any of their privacy policies or data usage after paying this fine. “None of the conditions in the settlement will impose strict limitations on Facebook’s ability to collect and share data with third parties,” according to the New York Times. 

Although the FTC has approved this settlement, it still needs to get approved by the Justice Department, which rarely rejects agreements reached by the FTC. 

Join our newsletter


Ontario Takes Action Against Privacy Breaches and GDPR After One Year

Ontario Takes Action Against Privacy Breaches and GDPR After One Year

Facebook privacy issues

Ontario looking into stronger privacy control to further protect citizens. Facebook under scrutiny once again over data privacy issues. Taking a look at GDPR one year later. 

Ontario takes action to protect privacy and personal data

79% of surveyed Ontarians believe data about people and businesses in Ontario need stronger protection. “Our government recognizes that the tremendous economic potential of emerging data technologies needs to be balanced with thoughtful and robust protections for the privacy and personal data of all Ontarians,” said Bill Walker, Minister of Government and Consumer Services. “We believe that Ontarians deserve to know and actively consent to the collection of data, how that data is used, and by whom”.

Three areas of focus include:

  • Promoting public trust and confidence
  • Creating economic benefit
  • Enabling a better, smarter, efficient government

Walker states that the Ontarian government is making sure the prime focus is the protection of personal privacy. He hopes our municipal and federal cohorts will do the same.

Judge orders Facebook to turn over records on data privacy

Facebook has been asked to turn over internal records regarding data privacy and access to user data by a judge in Delaware. This was the result of a lawsuit accusing Facebook’s mismanagement of data breaches. Furthermore, Facebook’s counter argument claiming that the investors had not stated a proper purpose for searching the company’s records, was rejected.

One year on, GDPR helps EU combat data privacy concerns, raises bar worldwide

The world as we know it changed when the GDPR came into action. Companies that were using data seamlessly were forced to invest in data centres and to regulate their data collection processes.

GDPR has introduced many new guidelines into the European consumer-business scene, such as the right to be forgotten, which simply means the company has to completely remove the user from their system altogether.

Every country or region is now trying to implement their own versions suitable for their own citizens. India was the first to come out with a similar law, followed by Brazil, Vietnam, China, Japan, Thailand and South Korea.

This cascading effect from GDPR shows light to a promising future of consumer privacy and regulation against the misuse of data. We look forward to seeing what these laws will do for us!

Join our newsletter



The Privacy Risk Most Data Scientists Are Missing

The Privacy Risk Most Data Scientists Are Missing

Facebook privacy issues

Data breaches are becoming increasingly common, and the risks of being involved in one are going up. A Ponemon Institute report (an IBM-backed think tank), found that the average cost of a data breach in 2018 was $148 per record, up nearly 5% from 2017.

Privacy regulations and compliance teams are using methods like masking and tokenization to protect their data — but these methods come at a cost.
Businesses often find that these solutions prevent data from being leveraged for analytics and on top of that, they also leave your data exposed.

Many data scientists and compliance departments protect and secure direct identifiers. They hide an individual’s name, or their social security number, and move on. The assumption is that by removing unique values from a user, the dataset has been de-identified. Unfortunately, that is not the case.

In 2010, Netflix announced a $1 million competition to whoever could build them the best movie-recommendation engine. To facilitate this, they released large volumes of subscriber data with redacted direct identifiers, so engineers could use Netflix’s actual data, without compromising consumer privacy. The available information included users’ age, gender, and zip code. However, when these indirect identifiers (also known as quasi-identifiers) were taken in combination, they could re-identify a user with over 90% accuracy. That’s exactly what happened, resulting in the exposure of millions of Netflix’s consumers. Within a few months, the competition had been called off, and a lawsuit was filed against Netflix.

When it comes to the risk exposure of indirect identifiers, it’s not a question of if, but a question of when. That’s a lesson companies have continuously found out the hard way. Marriott, the hotel chain, faced a data breach of 500 million consumer records and faced $72 million in damages due to a failure to protect indirect identifiers.

Businesses are faced with a dilemma. Do they redact all their data and leave it barren for analysis? Or do you leave indirect identifiers unprotected, and create an avenue for exposure that will lead to an eventual leak of your customers’ private data?

Either option causes problems. That can be changed!

That’s why we founded CryptoNumerics. Our software is able to autonomously classify your datasets into direct, indirect, sensitive, and insensitive identifiers, using AI. We then use cutting-edge data science technologies like differential privacy, k-anonymization, and secure multi-party computation to anonymize your data while preserving its analytical value. Your datasets are comprehensively protected and de-identified, while still being enabled for machine learning, and data analysis.

Data is the new oil. Artificial intelligence and machine learning represent the future of technology-value, and any company that does not keep up will be left behind and disrupted. Businesses cannot afford to leave data siloed, or uncollected.

Likewise, Data privacy is no longer an issue that can be ignored. Scandals like Cambridge Analytica, and policies like GDPR, prove that, but the industry is still not knowledgeable on key risks, like indirect identifiers. Companies that use their data irresponsibly will feel the damage, but those that don’t use their data at all will be left behind. Choose instead, not to fall into either category.

Join our newsletter



See How Companies Are Taking Part in Privacy Awareness Week

See How Companies Are Taking Part in Privacy Awareness Week

Facebook privacy issues
It’s Privacy Awareness week! This year, the theme is how ‘protecting privacy is everyone’s responsibility’. Google is trying to fix their privacy blunders even though experts are not impressed, while Amazon is still making the same blunders as before. Beware Canada, a rise in data breaches prompts significant warning. Canadian wireless carrier, Freedom Mobile, exposed for leaking 15,000 of their customers’ data.

Google wants us to know they have changed. They are emphasizing privacy like never before. For example, they are enhancing existing and adding new features.

A lot of their new moves are straight out of Apple’s playbook, such as:

  • On-device machine learning
  • Better in-app privacy controls
  • More control over websites tracking them with cookies
  • Incognito mode on Google Search and Maps

Not to mention, by reducing the cost of their hardware, they have an upper hand over Apple’s costlier hardware.

However, with their announcement on how they plan to give people more privacy control, experts are not very impressed. Ad-blocker company, Ghostery, says these changes are more to save face and less to save consumer privacy. These are marginal improvements, as they may be ignoring larger problems associated with consumer data privacy.

Regardless, Google’s new privacy features put the responsibility on users. They recently announced Android Q, its latest mobile OS, combined with 50 privacy and security features, including enhanced location tracking controls. Additionally, Google users can now set time limits for how long Google retains a certain type of information.

While Google is trying to make up for its data sins, Amazon is still making the same mistakes. Amazon Echo’s kid version, Echo Dot Kids, has been accused of tracking kids data without consent. Complaints have been filed to the Federal Trade Commission urging investigations are made. “We urge the FTC to investigate Amazon’s violations of the Children’s Online Privacy Protection Act (COPPA) for the safety and privacy of American children”.

Specifically, in Canada, the BC Office for the Information and Privacy Commissioner and the Better Business Bureau are warning individuals and companies to do a better job protecting their personal data. Last year, online shopping scams reached a whopping 3.5 million across Canada. “People get caught in the excitement to capitalize on a sale, grab that risk-free trial or purchase the last item before it goes out of stock and ends up jeopardizing their privacy.”

That being said, a Freedom mobile data breach has hit 15000 customers. They were warned by researchers days before the breach, but Freedom responded only after the warnings. Luckily, they found no evidence leading them to believe data has been misused and they are now “conducting a full forensic investigation to determine the full scope of impact”.

With privacy awareness week upon us, now is a great time to stay informed on the best tools to help your business remain full-proof in terms of data breaches and privacy protection.

 

 

Join our newsletter