Rewarded for sharing your data? Sign me up!

Rewarded for sharing your data? Sign me up!

Companies now starting to pay users for their data, in efforts to be more ethical. Large Bluetooth security flaw detected proving potentially harmful to millions. Blockchain’s future looking bright as privacy-preserving technology booms. Canadian federal elections being ‘watched’ for their history of ‘watching’ public.

Rewarded for sharing your data? Sign me up!

Drop Technologies has secured USD$44 million in investments towards growing a technology-based alternative towards traditional customer loyalty programs. With over three million users signed up already, as well as 300 brands on its platform, such as Expedia and Postmates, the company is headed in the right direction. 

Given that Facebook and other tech giants are monetizing data without user permission, getting paid for it doesn’t seem like a bad idea after all. “I’m a Facebook user and an Instagram user, and these guys are just monetizing my data left and right, without much transparency,” said Onsi Sawiris, a managing partner at New York’s HOF Capital.” At least if I’m signing up for Drop, I know that if they’re using my data I will get something in return, and it’s very clear” (Source).

This alternative to rewards programs basically tracks your spending with all of their 300+ brands, and lets you earn points that you can spend at certain companies such as Starbucks of Uber Eats. If it’s an alternative to credit card rewards, it will be beneficial to consumers looking for extra savings on their purchases. So don’t drop it till you try it!

Bluetooth proving to be a potential data breach vulnerability 

Researchers have discovered a flaw that leaves millions of Bluetooth users vulnerable to data breaches. This flaw enables attackers to interfere while two users are trying to connect without being detected, as long as they’re within a certain range. From music to conversations, to data entered through a Bluetooth device, anything could be at risk. “Upon checking more than 14 Bluetooth chips from popular manufacturers such as Qualcomm, Apple, and Intel, researchers discovered that all the tested devices are vulnerable to attacks” (Source). 

Fortunately, some companies such as Apple and Intel have already implemented security upgrades on their devices. Users are also advised to keep their security, software, and firmware updated at all times. 

Get ready for blockchain advancements like never before

For the past decade, blockchain has been used to build an ecosystem where cryptocurrencies and peer-to-peer transactions are just a few of the many use cases. (Source).

Traditionally, data is shared across centralized networks, leaving systems vulnerable to attacks. However, with decentralization as an added security measure to blockchain, the threat of a single point of failure across a distributed network is eradicated. 

As more and more companies turn to blockchain to gain the benefits of more efficient data sharing and easier data transfers, privacy is overlooked.

In most public blockchains today, transactions are visible to all nodes of a network. Naturally, of course, the issue of privacy is raised due to the sensitive nature of the data, and this transparency comes at a cost. With digital transformation happening all around us, privacy protection cannot be ignored.

To address privacy, many blockchain companies are employing privacy-preserving mechanisms on their infrastructures, from zero-knowledge proofs to encryption algorithms such as Multi-Party Computation (MPC). These mechanisms encrypt data as it’s shared and only reveal the specific elements needed for a specific task (Source).

Costs efficiencies and a better understanding of consumer needs are just a few of the advantages of privacy-preserving mechanisms being introduced. As data and privacy go hand in hand in the future, equitability and trust will be our key to unlock new possibilities that enhance life as we know it (Source).

Upcoming Canadian elections could turn into surveillance problem

Once again, the Canadian federal elections are raising concerns about interference and disruption through the misuse of personal data. In the past, political parties have been known to use their power to influence populations who are not aware of how their data is being used. 

Since data has played a major role in elections, this could become a surveillance issue because experts who study surveillance say that harnessing data has been the key to electoral success, in past elections. “Politicians the world over now believe they can win elections if they just have better, more refined and more accurate data on the electorate” (Source).

A related issue is a lack of transparency between voters and electoral candidates. “There is a divide between how little is publicly known about what actually goes on in platform businesses that create online networks, like Facebook or Twitter, and what supporters of proper democratic practices argue should be known” (Source).

The officials of this upcoming election should be paying close attention to the public’s personal data and how it is being used.

Join our newsletter


A deep dive into Facebook’s privacy today

A deep dive into Facebook’s privacy today

This week we take a deep look into what privacy looks like for Facebook. First, we will explore what user data Facebook is collecting. Then, we will look at how Facebook is invading users’ privacy…again. Finally, we will discuss the new privacy scam directed at Facebook.

See and control what Facebook collects from you

Last year, Facebook announced their upcoming release of a tool to ‘clear history’ and delete data that third-party websites and apps share with the social media giant. Fast-forward to today, the company has kept its word and has released the tool in Ireland, South Korea, and Spain. 

The tool, known as ‘Off-Facebook Activity’, allows you to see and control what information has been collected about you by apps and websites and sent to Facebook. It will show you information about your online activities, the questions you search on Google and your online shopping history. However, while it has the option to disconnect the data, it cannot delete it.

If you choose to clear your activity, Facebook will simply remove your identifying information from the data and unlink it to your account. It will not delete the data (Source).

This is the first step in the right direction, as this is the first time Facebook has allowed users to control or even see this information.

Facebook’s voice transcripts more invasive

Facebook has been transcribing users’ audio clips for quality control and to improve the accuracy of their services. Unlike Alexa or Google Home workers listening to user recordings, Facebook’s audio does not come from users giving smart assistants commands but from human-to-human communication. Bloomberg reported that Facebook contractors were kept in the dark with regards to where the audio came from and why these audio clips needed to be transcribed. 

While Google, Apple, and Facebook have temporarily suspended human audio reviews, Amazon has chosen to let its users opt-out (Source).

Another Facebook privacy scam, and this time it’s not Facebook’s fault

People have been reposting and resharing a viral message, that explicitly notifies Facebook of their rights as users.

“Don’t forget tomorrow starts the new Facebook rule where they can use your photos. Don’t forget Deadline today!!! It can be used in court cases in litigation against you. Everything you’ve ever posted becomes public from today Even messages that have been deleted or the photos not allowed. It costs nothing for a simple copy and paste, better safe than sorry. Channel 13 News talked about the change in Facebook’s privacy policy. I do not give Facebook or any entities associated with Facebook permission to use my pictures, information, messages or posts, both past and future. With this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents. The content of this profile is private and confidential information. The violation of privacy can be punished by law (UCC 1-308- 1 1 308-103 and the Rome Statute. NOTE: Facebook is now a public entity. All members must post a note like this. If you prefer, you can copy and paste this version. If you do not publish a statement at least once it will be tacitly allowing the use of your photos, as well as the information contained in the profile status updates. FACEBOOK DOES NOT HAVE MY PERMISSION TO SHARE PHOTOS OR MESSAGES.”

It is not real, it is a scam, and there are several reasons why. Firstly, the message is written poorly with no attention to capitalization and grammar. Secondly, there is no way you can end up in court by using social media. Thirdly, Facebook does not own your content, there are several discrepancies. Finally, posting a statement on your Facebook timeline that is contrary to Facebook’s privacy terms has no legal effect nor does it change Facebook’s privacy policies (Source).

However, if you are still wary about your privacy being at risk, take some measures to be safer. Change your privacy controls. Don’t post content that you don’t want being shared. Or, simply cancel your account for the best protection guaranteed. 

 

Join our newsletter


Facial Recognition Technology is Shaking Up the States

Facial Recognition Technology is Shaking Up the States

Facial recognition technology is shaking up the States

Many states in America are employing facial recognition devices at borders to screen travelers. However, some cities like Massachusetts and San Francisco have banned the use of these devices, and the American Civil Liberties Union (ACLU) is pushing for a nationwide ban. 

It is still unclear how the confidential data gathered by the facial recognition devices will be used. Could it be shared with other branches of the government, such as ICE? 

ICE, or Immigrations and Customs Enforcement have been in the public eye for some time now, for their arrests of undocumented workers and immigration offenders. 

“Any time in the last three to four years that any data collection has come up, immigrants’ rights … have certainly been part of the argument,” says Brian Hofer, who is part of Oakland’s Privacy Advisory Commission. “Any data collected is going to be at risk when [ICE is] on a warpath, looking for anything they can do to arrest people. We’re definitely trying to minimize that exposure”.

This unregulated data is what is helping ICE locate and monitor undocumented people violating laws (Source).

Now Microsoft is listening to your Skype calls

A new day, a new privacy scandal. This week, Microsoft and Skype employees were revealed to be reviewing real consumer video chats, to check the quality of their software, and its translations. 

The problem is that they are keeping their customers in the dark on this, as do most tech companies. Microsoft has not told its consumers that they do this, though the company claims to have their users’ permission. 

“I recommend users refrain from revealing any identifying information while using Skype Translation, and Cortana. Unless you identify yourself in the recording, there’s almost no way for a human analyst to figure out who you are”, says privacy advocate Paul Bischoff (Source).

Essentially Alexa, Siri, Google Home, and Skype are listening to your conversations. Instead of avoiding these products as a consequence, however, we are compromising our privacy for convenience and efficiency. 

Canadians want more healthcare tech, regardless of privacy risks

New studies indicate that Canadians are open to a future where healthcare is further enhanced with technology, despite privacy concerns. 

The advantages of these innovations include reduced medical errors, reduced data loss, better-informed patients, and much more. 84% of respondents wanted to access their health data on an electronic platform, as opposed to hard copy files. 

Dr. Gigi Osler, president of the Canadian Medical Association, states, “We’ve got hospitals that still rely on pagers and fax machines, so the message is clear that Canada’s health system needs an upgrade and it’s time to modernize”. 

Furthermore, most respondents look forward to the possibility of online doctor visits, believing that treatment could be faster and more convenient (Source).

After all, if we bank, shop, read, watch movies and socialize online, why can’t we get treated online? 

Join our newsletter


CryptoNumerics’ Privacy Automation Solutions

CryptoNumerics’ Privacy Automation Solutions

The demand for Data Privacy Automation has arrived. Manual ways to make data private cannot keep up with the new data privacy regulations and thus a new solution is needed. This is hindering many organizations by slowing down their data processes and analytics. Introducing Privacy Automation, where companies can unlock their data and use their most valuable asset in a way that both protects and adds value to their customers’ lives.

The CryptoNumerics solutions bring forth a new next-generation of privacy automation solutions. Privacy Automation is not just about encrypting and hashing data. It’s far more complex than that. Privacy Automation needs to assess the risk of the data for re-identification. It needs to apply privacy actions to the data that allows the analytical value to be used in Data Science environments. It also needs to balance the compliance and risk teams’ requirements together with the data analytics teams. Privacy automation needs to provide complete Audit and Compliance reporting. CryptoNumerics’ Privacy Automation solutions are truly next-generational. It’s intended to be enterprise, end-to-end, thus harmonizing both the Compliance and the Data Science teams.

Join our newsletter


How to Decode a Privacy Policy

How to Decode a Privacy Policy

How to Decode a Privacy Policy

91% of Americans skip privacy policies before downloading apps. It is no secret that people and businesses are taking advantage of that, given that there’s a new app scandal, data breach or hack everyday. For example, take a look at the FaceApp fiasco from last month.

In their terms of use, they clearly state the following;

 “You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public” (Source).

However, these documents should actually be rendered important, especially since it discloses legal information about your data, including what the company will do with your data, how they will use it and with whom they will share it. 

So let’s look at the most efficient way to read through these excruciating documents. Search for specific terms by doing a keyword or key phrase search. The following terms are a great starting point: 

  • Third parties
  • Except
  • Retain
  • Opt-out
  • Delete
  • With the exception of
  • Store/storage
  • Rights 
  • Public 

“All consumers must understand the threats, their rights, and what companies are asking you to agree to in return for downloading any app,” Adam Levin, Founder of CyberScout says. “We’re living in an instant-gratification society, where people are more willing to agree to something because they want it right now. But this usually comes at a price” (Source).

New York Passes Data Breach Law

A New York law has recently been passed, known as the SHIELD Act, or the Stop Hacks and Improve Electronic Data Security Act. This act requires businesses that collect personal data from New York residents to comply. Below are some of the act’s enforcement and features: 

  • requires notification to affected consumers when there is a security breach,
  • broadens the scope of covered information, 
  • expands the definition of what a data breach means, 
  • and extends the notification requirement to any entity with the private information of a New York resident (Source)

Why Apple Won’t Let You Delete Siri Recordings

Apple claims to protect its users’ privacy by not letting them delete their specific recordings. “Apple’s Siri recordings are given a random identifier each time the voice assistant is activated. That practice means Apple can’t find your specific voice recordings. It also means voice recordings can’t be traced back to a specific account or device” (Source).

After it was reported that contractors were listening to private Siri conversations, including doctor discussions and intimate encounters, Apple needed to change its privacy policies. 

The reason why Siri works differently than its rivals is because of how Google Assistant or Alexa data is connected directly with a user’s account for personalization and customer service reasons. Apple works differently, as they don’t rely too much on ad revenue and customer personalization like their rivals – they rely on their hardware products and services.

LAPD Data Breach Exposes 2,500 Officers’ Data

The PII of about 17,500 LAPD applicants and 2,500 officers has been stolen in a recent data breach, with information such as names, IDs, addresses, dates of birth and employee IDs compromised.

LAPD and the city are working together to understand the severity and impact of the breach. 

“We are also taking steps to ensure the department’s data is protected from any further intrusions,” the LAPD said. “The employees and individuals who may have been affected by this incident have been notified, and we will continue to update them as we progress through this investigation” (Source).

Join our newsletter


Capital One: An Expensive Lesson to Learn

Capital One: An Expensive Lesson to Learn

As part of their business practices, organizations are uploading private customer information to the cloud. However, just focusing on how secure the data is and not thinking about privacy is a mistake.

Capital One’s recent data breach proves that organizations need to be more conscious and proactive about their data protection efforts to prevent potential privacy exposure risks. Organizations have the obligation to ensure their customers’ data is fully privacy-protected before it is uploaded to the cloud. This doesn’t just mean eliminating or encrypting client names, ID’s, etc. It also entails understanding the risks of re-identification and applying as many privacy-protecting techniques as needed.

Capital One’s USD$150 Million Mistake

This month, one of the United States’ largest credit card issuers, Capital One, publicly disclosed a massive data breach affecting over 106 million people. Full names, addresses, postal codes, phone numbers, email addresses, dates of birth, SINs/SSNs, credit scores, bank balances and, income amounts were compromised (Source).

Former AWS systems engineer, Paige Thompson, was arrested for computer fraud and abuse, as a result of obtaining unauthorized access to Capital One customer data and credit card applications (Source). “Thompson accessed the Capital One data through exploiting a ‘misconfiguration’ of a firewall on a web application, allowing her to determine where the information was stored” F.B.I. officials stated. “These systems are very complex and very granular. People make mistakes” (Source).

To make amendments, Capital One is providing any affected customers with free credit monitoring and identity theft insurance in efforts. They will also be notifying customers if their data has been compromised (Source). 

Unfortunately, the company is expecting the breach to cost about USD$150 million, and these costs are driven by customer notifications, credit monitoring, technology costs, and legal support.

How the breach could have been avoided

Simply encrypting data isn’t enough because Thompson was able to exploit a security system vulnerability and decrypt the data (Source). 

Organizations should apply as many privacy-protecting techniques as possible to their dataset to minimize risks of customer re-identification in case of a data breach.

One way in which data can be privacy-protected to reduce the risk of re-identification is by anonymizing it. The best privacy technique to accomplish anonymization is differential privacy, which uses mathematical guarantees to hide whether an individual is present in a dataset or not. 

A second way to reduce the risk of re-identification is by combining pseudonymization of direct identifiers with generalization and suppression techniques of indirect identifiers. Optimal k-anonymity is a privacy technique that generalizes and suppresses data to make it impossible to distinguish any specific individual from the rest of the individuals.

Organizations should elevate their understanding of privacy-protection to the same level at which they understand cyber-security. There are two essential questions that every organization need to be able to answer:

  1. What is the re-identification risk of my data?
  2. What privacy-protecting techniques can we implement throughout our data pipeline?

To learn more about how CryptoNumerics can help you privacy-protect your data, click here.

Join our newsletter