More than 25million people in the U.S. have installed an Echo, Echo Dot, or Echo Look in their home or office. And still, very few understand that every time you tell Alexa to do something, Amazon is recording, storing, and using your voice commands. Here’s exactly what and how Amazon is recording, storing, and using what you say, and how to delete those recordings.
The Association of National Advertisers (ANA) admitted this week that it had suffered a data breach last August through October (2018), about which it learned last October (2018), but which it only advised those affected this week (the last week of January, 2019). Consider these dates when also considering the fact that just last month (December 2018, two months after ANA knew about the data breach) ANA was pushing back, hard, against legislation regarding more stringent requirements for – wait for it – notification of data breaches.
In the past 24 hours it was revealed, and then admitted by Apple, that a bug in the FaceTime app was allowing FaceTime callers to listen in on the audio of what was going on around the recipient’s device before the recipient picked up the call. And if the recipient pressed the button to reject the call, instead of ending the call it would start broadcasting video from the recipient’s device as well!
Facebook has, perhaps unintentionally, revealed that they are analyzing all of your images, taking note of the content of those images, and using what they find to further their reach.
Facebook has announced that up to 1500 third-party Facebook apps had access to user photos that they were not supposed to be able to access – including unpublished photos. The self-inflicted privacy hole was due to a ‘bug’ in the Facebook photo API which, Facebook says, granted the apps unpermitted access to the photos of as many as 6.8 million Facebook users for 12 days in September of 2018.
Hot on the heels of California passing their California Consumer Protection Act (CCPA) which is actually a consumer data protection law, and on the slightly more distant heels of the passage and enactment of the General Data Protection Regulation (GDPR), Colorado has both passed and enacted the Colorado Consumer Data Protection Act (CCDPA).
Two weeks ago California passed AB 375, now Title 1.81.5 of the California Code, and known as the California Consumer Privacy Act of 2018 (AB stands for Assembly Bill, meaning it was first introduced in the Assembly; SB would mean it had been introduced in the Senate). Also now known as the CCPA, the original sponsors of AB375 were California Assemblyman Edwin Chau, and California Senators Bob Hertzberg and Bill Dodd, Democrats all. The CCP is the California equivalent of GDPR.
In a fairly stunning win for mobile phone privacy, the Supreme Court has ruled that law enforcement agencies must obtain a warrant before they can demand and receive from mobile carriers and mobile providers access to the cell phone location data (known as ‘cell site location information’, or CSLI for short) of a given cellular phone. In the case of Carpenter v. United States, the Supreme Court held that tracking a cell phone is barely different than putting an ankle bracelet on an individual and monitoring their movements, and so overturned related case law that has been around for (up to) decades.
One of the things that Facebook did right was not allowing people to see whether you are logged into Facebook. Unfortunately, they completely undid that when they rolled out Facebook Messenger, and the newest versions of Facebook Messenger turn out to be a stalker’s dream.
GDPR offers a panoply of rights for individuals. Even if you are not a business owner or a corporate officer or manager, by now you have probably heard the term ‘GDPR’, or the phrase ‘General Data Protection Regulation’, which is what ‘GDPR’ stands for. As an individual you may have thought “Whatever the heck GDPR is, it doesn’t affect or apply to me.” But you would be wrong. The good news is that, as an individual, you are the protected entity covered by the ‘Protection’ in General Data Protection Regulation!
I was recently interviewed, in my capacity as an Internet law and policy attorney, and head of the Institute for Social Internet Public Policy, for an article sponsored by RSA about the impact that GDPR (the EU’s General Data Protection Rules), which goes into effect in the European Union in May 2018, is going to impact, well, everything. And, in particular, about how it will impact U.S. based businesses, because, trust me, it will.
Last week we started hearing about the Equifax data breach, although Equifax had actually known about the data breach at least a month earlier. (The full text of the Equifax statement about the cybersecurity data breach is reprinted below.) The most stunning thing about this breach is the breadth of it: the Personally Identifiable Information (PII), including names, social security numbers, and driver’s license numbers of 143 million U.S. citizens were exposed in this breach. Here is what you need to do, right now, to protect yourself.
iRobot, the company behind the Roomba vacuum, along with other cleaning robots, has sold 15 million of those little suckers worldwide. Part of the Roomba’s brilliance is mapping your house in order to be as effective and efficient as possible. However, many people are not aware of this mapping feature, and even those who are may not realize that the mapping data – i.e. the map of their home – is being sent back to iRobot HQ, and stored in the cloud. Nor have they likely realized that iRobot might like to share the map of their home with others. But that is exactly part of iRobot’s business strategy.