That mental health app might share your data without telling you

Free apps marketed to people with depression or who want to quit smoking are hemorrhaging user data to third parties like Facebook and Google — but often don’t admit it in their privacy policies, a new study reports. This study is the latest to highlight the potential risks of entrusting sensitive health information to our phones.

Though most of the easily-found depression or smoking cessation apps in the Android and iOS stores share data, only a fraction of them actually disclose this. The findings add to a string of worrying revelations about what apps are doing with the health information we entrust to them. For instance, a Wall Street Journal investigation recently revealed the period tracking app Flo shared users’ period dates and pregnancy plans with Facebook. And previous studies have reported health apps with security flaws or that shared data with advertisers and analytics companies.

In this new study, published Friday in the journal JAMA Network Open, researchers searched for apps using the keywords “depression” and “smoking cessation.” Then they downloaded the apps and checked to see whether the data put into them was shared by intercepting the app’s traffic. Much of the data the apps shared didn’t immediately identify the user or was even strictly medical. But 33 of the 36 apps shared information that could give advertisers or data analytics companies insights into people’s digital behavior. And a few shared very sensitive information, like health diary entries, self reports about substance use, and usernames.

Those kinds of details, plus the name or type of app, could give third parties information about someone’s mental health that the person might want to keep private. “Even knowing that a user has a mental health or smoking cessation app downloaded on their phone is valuable ‘health-related’ data,” Quinn Grundy, an assistant professor at the University of Toronto who studies corporate influences on health and was not involved in the study, tells The Verge in an email.

FOLLOW THE LINK FOR THE FULL REPORT – JR

https://www.theverge.com/2019/4/20/18508382/apps-mental-health-smoking-cessation-data-sharing-privacy-facebook-google-advertising

Advertisements

What Sony’s robot dog teaches us about biometric data privacy

The $2,900 pup is a companion robot, one Sony claims “learns its environment and develops relationships with people.” Aibo even enlists a camera in its nose to scan faces and determine who’s who so it can react to them differently.

Because of our office pet’s face-detecting capabilities, Sony doesn’t sell Aibo in Illinois. The state’s Biometric Information Privacy Act (BIPA) regulates the collection of biometric data, including face scans.

So Aibo’s out in the land of Lincoln, but the story doesn’t stop with Sony’s quirky robot. Illinois also limits access to facial recognition in home security cameras, a feature that’s becoming increasingly prevalent in the consumer security market. Let’s take a closer look at BIPA, the growth of biometric tech in consumer products — and how other states in the US treat your biometric info.

Illinois law

The Biometric Information Privacy Act was established in 2008 to regulate “the collection, use, safeguarding, handling, storage, retention, and destruction of biometric identifiers and information.” BIPA defines “biometric identifiers” as retina scans, iris scans, fingerprints, hand scans, face scans and voiceprints.

Basically, an individual or a company needs “informed written consent” to use another individual’s biometric info.

State senator Terry Link for Illinois’ 30th district introduced Senate Bill 2400 on Feb. 14, 2008 to protect the biometric privacy of Illinois residents. State senators Christine Radogno, Iris Y. Martinez, David Koehler and Heather Steans served as co-sponsors of the bill. It was approved as the Biometric Information Privacy Act on Oct. 3, 2008.

Senator Link filed an amendment to BIPAon May 26, 2016 to redefine “biometric identifier,” to make it easier to collect certain biometric data, but later withdrew the amendment.

A Sony support page titled “Why Is Aibo Not for Sale in Illinois?” simply says:

Due to state regulations and policies, the Aibo™ robotic companion is not for sale or use in Illinois.

In order to mimic the behavior of an actual pet, an Aibo device will learn to behave differently around familiar people. To enable this recognition, Aibo conducts a facial analysis of those it observes through its cameras. This facial-recognition data may constitute “biometric information” under the law of Illinois, which places specific obligations on parties collecting biometric information. Thus, we decided to prohibit purchase and use of Aibo by residents of Illinois.

While Sony simply opted out of selling the face-detecting Aibo in Illinois, other companies, like Nest, sell their facial recognition-enabled cams in Illinois, with the facial recognition feature disabled.

A quick visit to the Nest Cam IQ Indoorpage says “Familiar face alerts require a Nest Aware subscription. Not available on Nest Cams used in Illinois.”

The Nest Cam IQ Indoor has an optional feature called familiar face alerts that you pay a monthly (or yearly) fee to access via the Nest Aware service. Like many other home security cameras with facial recognition, the IQ Indoor allows you to create a database with the faces of friends, family members, caregivers and any other people that regularly visit your home. That way, when you get a motion alert, the Nest app tells you it sees “Molly” or “Tyler.”

That feature won’t work in Illinois, even if you pay for Nest Aware. Google disables Nest’s facial recognition capabilities in the state: “We use a variety of factors to determine a user’s location, including IP address of their devices and the physical address associated with their account,” a Google spokesperson told me over email.

Privacy talk

Although BIPA remains the strictest state privacy law, Texas and Washington also regulate biometric information. A Texas law, established in 2009, similarly defines biometric identifiers as “a retina or iris scan, fingerprint, voiceprint, or record of hand or face geometry.”

A section of the law states: “A person may not capture a biometric identifier of an individual for a commercial purpose unless the person: informs the individual before capturing the biometric identifier; and receives the individual’s consent to capture the biometric identifier.”

Washington’s 2017 House Bill 493 doesn’t specifically reference face or hand scans in its definition of biometric identifier. The definition also doesn’t include “a physical or digital photograph, video or audio recording or data generated therefrom, or information collected, used, or stored for health care treatment, payment, or operations under the federal health insurance portability and accountability act of 1996.”

The Electronic Frontier Foundation, a nonprofit advocacy group for digital privacy, supports state regulation of biometric data.

“When you start to capture biometrics from people it turns a corner to where we think that shouldn’t be happening without the consent of the person who’s biometrics are being taken,” EFF senior staff attorney Adam Schwartz says during a phone interview while referencing Illinois’ Biometric Information Privacy Act.

“What it says [BIPA] is that, one private person can’t take biometrics from another private person without their consent. And that’s where we [the EFF] would draw the line,” Schwartz adds.

The facial recognition landscape

At the same time that states are implementing biometric privacy laws, we’re seeing more consumer devices with facial recognition. Here’s a list of home security cameras you can buy today with facial recognition capabilities.

Not only is facial recognition more prevalent, we’re also seeing more products that enlist fingerprints or hand scans. The iPhone and other smartphoneshave fingerprint-scanning capabilities so you can quickly unlock your phone. I saw a smart lock at CES 2019 called the Elecpro US:E that relies on a face scan and a hand scan to unlock.

Airports are increasingly adding tech that scans faces or fingerprints to determine who you are, too. Schwartz refers to the growing popularity of biometric tech as a “normalization of biometrics,” something the EFF finds concerning, he says.

“If you start using biometrics to board your airplane because it’s convenient, other forms of biometrics seem more normal. We’re very concerned about that,” explains Schwartz.

Whether or not you’re personally concerned about your biometric data, expect to see more regulations around it in the coming years. Alaska, Michigan, Montana and New Hampshire are already working on their own biometric laws. And, given the influx of devices that use biometric information both for consumer and commercial purposes, more are probably on the way.

FOLLOW THE LINK FOR THE FULL REPORT – JR

https://www.cnet.com/news/what-sonys-robot-dog-teaches-us-about-biometric-data-privacy/

Web inventor urges users to seek ‘complete control’ of data

World Wide Web inventor Tim Berners-Lee on Monday slammed the increasing commodification of personal information and appealed for internet users to strive to maintain “complete control” of their data.

Berners-Lee, credited with creating the web in 1989, is on a mission to save his invention from a range of problems increasingly dominating online life, including misinformation and a lack of data protection.

“You should have complete control of your data. It’s not oil. It’s not a commodity,” he told a small group of journalists gathered at Europe’s physics lab CERN, where he first came up with the idea for the web 30 years ago.

When it comes to personal data, “you should not be able to sell it for money,” he said, “because it’s a right”.

Berners-Lee, who last year launched a development platform called “Solid” aimed at giving users control of their data, described a frightening future if we do not rise to the challenge of privacy protection.

“There is a possible future you can imagine (in which) your browser keeps track of everything that you buy,” he said.

In this scenario, “your browser actually has more information then Amazon does”, he said, warning against complacency in expecting no harm will come from this loss of control over one’s own data.

“We shouldn’t assume that the world is going to stay like it is,” he said.

People needed to do more to protect themselves and their data and not to simply expect that governments will look out for their best interests, he argued.

Berners-Lee told a Washington Post event last week that he launched the Solid projet in response to concerns about personal data being bought and sold without the consent of users.

– ‘Don’t fail the web –

The platform aimed “to separate the apps from the data storage” so users could decide where and how they would share their personal information, he said.

He acknowledged Monday that enforcible laws would be needed to protect the most sensitive personal data.

“Sometimes it has to be legislation which says personal data, you know, genetic data, should never be used,” he said.

In addition to his work advocating for data protection, Berners-Lee has launched a “Contract for the Web”, aimed at ensuring the integrity of online information.

In a letter published Monday, he hailed the opportunities the web had created, giving marginalised groups a voice and making daily life easier.

But he warned, “it has also created opportunity for scammers, given a voice to those who spread hatred, and made all kinds of crimes easier to commit”.

He was nevertheless optimistic that the problems could be fixed.

“Given how much the web has changed in the past 30 years, it would be defeatist and unimaginative to assume that the web as we know it can’t be changed for the better in the next 30,” he wrote.

“If we give up on building a better web now, then the web will not have failed us. We will have failed the web.”

Internet users must fight to keep control of their data, says the inventor of the World Wide Web, British scientist Tim Berners-Lee

FOLLOW THE LINK FOR THE FULL REPORT – JR

https://au.news.yahoo.com/inventor-urges-users-seek-complete-control-data-210123158–spt.html

Hackers Threaten To Reveal Secret Data Linked To 9/11 Attacks

A hacker group has threatened to reveal “secret” data related to September 11 attacks in the US after claiming to have got access to a large cache of confidential files.

In its announcement published on Pastebin, the group known as The Dark Overlord pointed to several different insurers and legal firms, claiming specifically that it hacked Hiscox Syndicates Ltd, Lloyds of London, and Silverstein Properties, the Motherboard reported on Tuesday.

“Hiscox Syndicates Ltd and Lloyds of London are some of the biggest insurers on the planet insuring everything from the smallest policies to some of the largest policies on the planet, and who even insured structures such as the World Trade Centers,” the group said in the announcement.

The group threatened to reveal the documents unless the victims pay them an undisclosed ransom fee in Bitcoin.

While it is not clear what exact files the group has got access to, it is trying to capitalise on conspiracy theories around the 9/11 attacks.

“We’ll be providing many answers about 9.11 conspiracies through our 18.000 secret documents leak,” the group tweeted on Monday.

A spokesperson for the Hiscox Group confirmed to Motherboard that the hackers had breached a law firm that advised the company, and likely stolen files related to litigation around the 9/11 attacks.

The hacking group published a small set of letters, emails and other documents that mention various law firms, as well as the Transport Security Administration (TSA) and Federal Aviation Administration in the US, according to the Motherboard report.

The group has threatened to release more documents.

.

FOLLOW THE LINK FOR THE FULL REPORT – JR

https://www.ndtv.com/world-news/9-11-attacks-september-11-attack-hackers-threaten-to-reveal-secret-data-linked-to-9-11-attacks-1971754

CDC Data Shows Strong Relationship Between MMR Vaccine, Autism

Note: After four long years, CHD Board Member, Dr. Brian Hooker‘s reanalysis of the CDC’s MMR-autism data from the original DeStefano et al. 2004 Pediatrics paper has been republished in the Winter 2018 Edition of the Journal of American Physicians and Surgeons.

The data, when properly analyzed, using the CDC’s own study protocol, show a strong, statistically significant relationship between the timing of the first MMR vaccine and autism, specifically in African American males.

In addition, a relationship also exists in the timing of the MMR vaccine and those individuals who were diagnosed with autism without mental retardation. These relationships call into question the conclusion of the original DeStefano et al. 2004 paper which dismissed a connection between the MMR vaccine and autism.

MAIN POINTS FROM REANALYSIS:

  • The rate of autism diagnoses has increased alarmingly in the U.S., and is about 25 percent higher in black children. Boys are far more likely than girls to receive this diagnosis.
  • As early as 2001, the Centers for Disease Control and Prevention (CDC) had data showing an increased rate of autism diagnoses in black male school children in Atlanta who received their first measles-mumps-rubella (MMR) vaccination before 36 months of age.
  • The original publication concerning the data downplayed the association, and no follow-up was conducted.
  • Dr. Hooker noted that the CDC deviated from its original data analysis plan, possibly because of unwanted results.
  • The relationship loses its statistical significance if the analysis is restricted to children with a Georgia birth certificate, which decreases the sample size by about 40 percent.
  • Dr. Hooker reanalyzed the same data set using the same methodology of conditional logistic regression but didn’t exclude children lacking a Georgia birth certificate.
  • By stratifying data for African-American males by birth year, Dr. Hooker also found a statistically significant higher risk of an autism diagnosis in children who had received the first MMR vaccine 1 year earlier, only in children born in 1990 or later. Thimerosal exposure increased in the early 1990s, and it was not removed from most pediatric vaccines until 2001-2004. Dr. Hooker suggests the possibility that there may be some interaction between increased mercury exposure and early MMR vaccination. Further study would be needed to explore this possibility.
  • Dr. Hooker’s interest was sparked, he reports, by communication with a CDC whistleblower, a senior scientist, who had retained some of the original analyses.
  • Dr. Hooker concludes that failure to follow-up on these observations represents a huge lost opportunity to understand possible reasons for the enormous increase in this devastating neurological disability.

INTRODUCTION FROM DR. HOOKER’S ARTICLE:

“This study is a re-analysis of Centers for Disease Control and Prevention (CDC) data pertaining to the relationship of autism incidence and the age at which children got their first measles-mumps-rubella (MMR) vaccine. Statistically significant relationships were observed when African-American males were considered separately while looking at those individuals who were vaccinated prior to and after a 36-month age cut-off. CDC officials observed very similar relationships as early as November 2001, but failed to report them in their final publication. In addition, a relationship is seen when specifically considering children who received a diagnosis of autism without mental retardation. Although this was reported in the original 2004 paper, it was not discussed, nor was any follow-up study conducted. Preliminary results also suggest the possibility of a synergism between thimerosal exposure and MMR timing leading to a greater risk of autism.”

CONCLUSION FROM DR. HOOKER’S ARTICLE:

“The first data set used by DeStefano et.al represents a huge lost opportunity to understand any role between the timing of the first MMR vaccine and autism. The re-analysis presented here elucidates effects that should at least merit further investigation. Specifically, increased risks of earlier vaccination are observed for African-American males and among cases of autism without MR. Both phenomena deserve additional study that could yield important clues regarding the current enormous increase in autism.”

Dr. Hooker’s Reanalysis of CDC Data on Autism Incidence and Time of First MMR Vaccination was published December 7, 2018 in the Journal of American Physicians and Surgeons.

The viewpoints expressed here do not necessarily represent those of Global Media Sentry.

FOLLOW THE LINK FOR THE FULL REPORT – JR

https://www.infowars.com/cdc-data-shows-strong-relationship-between-mmr-vaccine-autism-report/

Facebook Gave Device Makers Deep Access to Data on Users and Friends

As Facebook sought to become the world’s dominant social media service, it struck agreements allowing phone and other device-makers access to vast amounts of its users’ personal information.

Facebook has reached data-sharing partnerships with at least 60 device-makers — including Apple, Amazon, BlackBerry, Microsoft and Samsung — during the last decade, starting before Facebook apps were widely available on smartphones, company officials said. The deals, most of which remain in effect, allowed Facebook to expand its reach and let device-makers offer customers popular features of the social network, such as messaging, “like” buttons and address books.

But the partnerships, whose scope has not previously been reported, raise concerns about the company’s privacy protections and compliance with a 2011 consent decree with the Federal Trade Commission. Facebook allowed the device companies access to the data of users’ friends without their explicit consent, even after declaring that it would no longer share such information with outsiders. Some device-makers could retrieve personal information even from users’ friends who believed they had barred any sharing, The New York Times found.

FOLLOW THE LINK FOR THE FULL REPORT – JR

https://www.nytimes.com/2018/06/03/technology/facebook-user-data.html

Facebook explored patient data sharing agreement with hospitals

Facebook has asked several major U.S. hospitals to share anonymized data about their patients, such as illnesses and prescription info, for a proposed research project. Facebook was intending to match it up with user data it had collected, and help the hospitals figure out which patients might need special care or treatment.

The proposal never went past the planning phases and has been put on pause after the Cambridge Analytica data leak scandal raised public concerns over how Facebook and others collect and use detailed information about Facebook users.

“This work has not progressed past the planning phase, and we have not received, shared, or analyzed anyone’s data,” a Facebook spokesperson told CNBC.

FOLLOW THE LINK FOR THE FULL REPORT – JR

https://www.cnbc.com/2018/04/05/facebook-building-8-explored-data-sharing-agreement-with-hospitals.html

Facebook Data Scandal Has Left Zuckerberg Isolated in Tech

Facebook Inc. Chief Executive Officer Mark Zuckerberg has found himself with few defenders in the technology industry.

Apple Inc. CEO Tim Cook, Tesla Inc.’s Elon Musk and Salesforce.com Inc.’s Marc Benioff have criticized the social media network in the wake of its user data scandal involving political-advertising firm Cambridge Analytica. Other tech leaders have remained quiet in the ensuing backlash against Facebook, in contrast to Silicon Valley’s usual practice of rallying around its own during major crises.

Facebook has sought to repair its public image and trust with more than 2 billion users after reports surfaced that Cambridge Analytica obtained data on as many 50 million of those U.S. accounts. As Zuckerberg, 33, faces calls to testify before Congress and lawmakers raise the idea of new regulations on tech, his peers have either stayed quiet or publicly criticized his company. In times of crisis, tech companies have sometimes huddled together to defend the industry, such as when Apple fought the FBI to protect an encrypted iPhone and during President Donald Trump’s proposed immigration ban last year against mostly Muslim countries.

FOLLOW THE LINK FOR THE FULL REPORT – JR

https://www.bloomberg.com/news/articles/2018-04-02/facebook-data-scandal-has-left-zuckerberg-isolated-in-big-tech

Cambridge Analytica HQ raided amid Facebook data breach scandal

ICO officers had arrived at its building at around 8pm after Elizabeth Denham, the Information Commissioner, was granted a warrant an hour earlier after requesting access to records and data on Monday. Speaking to Channel 4 News, who broke the story after an undercover sting, Ms Denham said: ‘We need to get in there. ‘We need to take a look at the databases, we need to look at the servers and understand how data was processed or deleted by Cambridge Analytica.’

FOLLOW THE LINK FOR THE FULL REPORT – JR

Read more: http://metro.co.uk/2018/03/24/cambridge-analytica-hq-raided-amid-facebook-data-breach-scandal-7412847/?ito=cbshare

Twitter: https://twitter.com/MetroUK | Facebook: https://www.facebook.com/MetroUK/

http://metro.co.uk/2018/03/24/cambridge-analytica-hq-raided-amid-facebook-data-breach-scandal-7412847/

FTC reportedly to investigate Facebook’s use of personal data

The Federal Trade Commission is investigating whether the use of personal data from 50 million Facebookusers by Cambridge Analytica violated a consent decree the tech company signed with the agency in 2011, Bloomberg reported Monday.

The probe follows a weekend of turmoil for the social media giant. Reports this weekend said the research firm improperly gained access to the data of more than 50 million Facebook users.

“We are aware of the issues that have been raised but cannot comment on whether we are investigating. We take any allegations of violations of our consent decrees very seriously as we did in 2012 in a privacy case involving Google,” a spokesman for the FTC said Tuesday.

FOLLOW THE LINK FOR THE FULL REPORT – JR

https://www.cnbc.com/2018/03/20/ftc-reportedly-to-investigate-facebooks-use-of-personal-data.html