WELCOME to Connected Rights, your hands in the air of digital rights news and analysis.
THE INTERNET ARCHIVE is kind of the internet’s memory – the repository where all the stuff that’s been taken down or gone missing is replicated and searchable. Which makes it particularly worrying to see that the Indian government has apparently blocked it: http://bit.ly/2vLDkMn
Even more worrying is the fact that there’s no stated reason for the blockade. Even the U.S.-based proprietors of the service are left in the dark. “We are disappointed and concerned by this situation and are very eager to understand why it’s happening,” they said.
According to the MediaNama article linked to above, this is unfortunately quite standard in India, where people often don’t learn why certain sites have been blocked. “Lack of transparency leads to lack of trust. Transparency will ensure accountability,” the article noted.
TRUST IS INDEED A VALUABLE RESOURCE when you’re a government dealing with digital matters, as the Australian government seems likely to find out.
The government has revealed plans for a “super ID logon” that Australians could use to deal with government agencies, banks and e-commerce operations. “Right now you might have 10, 20 or 30 different logons across different websites,” said “digital transformation assistant minister” Angus Taylor. He said the first step would be a single ID for logging into government services, and the mechanism could then be extended to the private sector: http://bit.ly/2uD5nZi
There’s a lot to be said for this sort of “tell us once” mechanism, as it cuts down on duplication and confusion when you’re dealing with multiple agencies. Estonia has a famously joined-up system in this regard. However, a system like this is doomed to failure if the populace don’t trust you to keep their information secure, and to respect their rights.
Last year, the Australian government’s e-census website fell victim to a series of denial-of-service attacks, hitting confidence in its IT capabilities. The government’s Centrelink social services department last year accidentally leaked the details of hundreds of people (http://bit.ly/2flQX8v) and this year deliberately released the details of a welfare recipient who criticised the department (http://bit.ly/2lpziAj). And of course, the Australian government’s ongoing crusade against encryption doesn’t paint it as a guardian of everyone’s privacy.
The planned system will be opt-in, which is good. But it’s not going to take off without people’s trust in the government as an able and willing defender of their personal information. This isn’t just a dilemma for Australia, either. Any government trying to promote digitalisation, while not demonstrating respect for people’s digital rights, is going to find itself with similar problems.
If you’d like to support the creation of this newsletter and help me develop further Connected Rights resources, please check out my new Patreon page.
DISNEY SECRETLY COLLECTS KIDS’ PERSONAL INFORMATION and shares it with advertisers without parent consent, a federal class-action lawsuit in the US alleges: http://wapo.st/2uCwfbO
Disney and its software-development partners (Unity, Upsight and Kochava) are being targeted in a Californian court over apps such as Disney Princess Palace Pets and Temple Run: Brave. The apps contain hidden trackers that send information into the cloud for advertising purposes. According to the plaintiffs, the companies are breaking the Children’s Online Privacy Protection Act (COPPA) by doing so.
To comply with COPPA, Disney and its partners should be showing users a very clear privacy policy explaining how they collect and share data, while also obtaining “verifiable parental consent” before collecting any information. Disney claims it is complying with the law.
FACIAL RECOGNITION TECHNOLOGY IS BACK IN THE NEWS, this time over plans by London’s Metropolitan Police to track the visages of everyone attending this year’s Notting Hill carnival. Civil liberties campaigners say the tracking has no legal basis and could even amount to racial profiling (the carnival is primarily an Afro-Caribbean celebration).
The police claim this is a pilot aimed at keeping people safe. They actually trialled the technology last year too, but without any success in identifying suspects, according to the Guardian: http://bit.ly/2vfPZpr. Now they hope the tech has improved. Apparently this is a different facial recognition system to the one recently used at the Champions League final in Cardiff, where the cops were trying to spot ticket touts.
If you’d like me to write articles for you about digital rights issues, speak at your event or provide advice for your business, drop me an email at david@dmeyer.eu.
THE BRITISH GOVERNMENT HAS ANNOUNCED plans for the country’s new privacy law, claiming it will give the UK “one of the most robust, yet dynamic, set of data laws in the world”. The bill is, of course, largely a cut-and-paste of the EU’s General Data Protection Regulation (GDPR), which will come into force in the UK next year anyway, ahead of Brexit: http://bit.ly/2vdnIho
The law firm Bird & Bird has produced an interesting breakdown of the differences between the planned UK regime and the GDPR: http://bit.ly/2vfO83H. “It is perhaps regrettable that the government has not taken the opportunity provided by Article 85 of the GDPR to implement wider protection for freedom of expression. It is possible that the judiciary might yet have to resolve conflicts between data protection legislation and the right to freedom of expression embodied in the Human Rights Act 1998,” the authors wrote.
One particularly interesting innovation in the UK plan is a new criminal offence for “intentionally or recklessly re-identifying individuals from anonymised or pseudonymised data”. This is serious, as there is no limit on the fines the new crime could incur. However, journalists and whistleblowers would get an exemption.
WHEN YOU USE A VPN, PRIVACY is somewhat the name of the game. The whole point of virtual private networks is to redirect your online activities to stop you being tracked.
However, according to a complaint filed with the US Federal Trade Commission by the Center for Democracy & Technology (CDT), a VPN called Hotspot Shield has been redirecting people’s traffic to, uh, advertising networks. Hotspot Shield claims that it “neither tracks nor sells customers’ information”.
The CDT claims Hotspot Shield logs more information about its customers’ connections than it needs to in order to manage its service, and says the information it gives third parties is enough for them to piece together users’ “web-viewing habits”. It also says the outfit “employs insecure and unreasonable data security practices”. Legally speaking, it argues, this all amounts to deceptive and unfair trade practices.
The CEO of Hotspot Shield’s parent company told ZDNet: “We strongly believe in online consumer privacy. This means that the information Hotspot Shield users provide to us is never associated with their online activities when they are using Hotspot Shield, we do not store user IP addresses and protect user personally identifiable information from both third parties and from ourselves.” http://zd.net/2vfX8pG
Connected Rights 