WELCOME to Connected Rights, your pinch on the cheek of digital rights news and analysis.
APPLE HAS ALARMED PRIVACY ACTIVISTS by agreeing not only to store its Chinese customers’ iCloud data on Chinese servers, but to store the encryption keys for that information in the country too: http://on.wsj.com/2ESetY6
The company claims that the keys will be protected there, but experts suggest the move backs Apple into a corner. “Once the keys are there, they can’t necessarily pull out and take those keys because the server could be seized by the Chinese government,” said cryptographer Matthew Green.
Apple’s take is that, without agreeing to store users’ keys in China, it would have to scrap iCloud in that country, resulting in “a bad user experience and less data security and privacy for our Chinese customers.”
I’m reminded of Apple’s excuse when it scrubbed VPN apps from the iPhone ecosystem in China (http://bit.ly/2x3IPTh) last year. At the time, Tim Cook said: “We strongly believe in participating in markets and bringing benefits to customers is the best interest of the folks there.” In other words, Apple strongly believes in making money from the lucrative Chinese market.
Edward Snowden took to Twitter to complain about the firm’s new China decision, while also pointing out a Forbes report (http://bit.ly/2oz8tfW) about Israeli hackers-for-hire Cellebrite, who reportedly claim they can unlock “pretty much every iPhone on the market”. Cellebrite is a U.S. government contractor.
“The only compelling reason for someone to buy an iPhone over more open, less expensive competitors was @Apple’s stronger stance on users’ right to privacy and security,” Snowden said. “[These reports] threaten the core of an iPhone’s value.” http://bit.ly/2EVgXci
YESTERDAY THE US SUPREME COURT STARTED CONSIDERING the long-running “U.S. vs Microsoft” email privacy case, in which the Justice Department is trying to get Microsoft to turn over the contents of a customer’s emails even though they are stored on the firm’s Irish servers. Never mind that it might be possible to get this data by asking the Irish authorities (using the two countries’ mutual legal assistance treaty, or MLAT) – the US just wants to be able to compel Microsoft to import the data itself.
Naughty US, right? Well, Europe is now considering doing the same thing. According to Reuters, the European Commission is preparing legislation that would compel tech firms to provide access to electronic evidence even if it’s stored outside the bloc. This is the same European Commission that previously commented on the Microsoft case by saying that “extraterritorial application of foreign laws… may be in breach of international law”: http://reut.rs/2BRzYd0
BLOCKCHAIN TECHNOLOGY IS GOING TO FIND A SERIOUS ROADBLOCK in the EU’s new General Data Protection Regulation, according to Jan Albrecht, the law’s daddy: http://bit.ly/2CmLZbe
The issue is that blockchains (the tech that underpins Bitcoin and Ethereum, among other applications) are designed in order to make the data that they hold immutable – the whole point is that the data is trustworthy because it can’t have been changed. But, when it comes to personal data (i.e. any data relating to an identifiable individual), the GDPR says people must be able to demand that their data is erased or modified under many circumstances.
That’s a pretty fundamental clash, and it suggests that the blockchain – as currently conceptualised – simply cannot be used for the storage of personal data in the EU. There’s a whole emerging industry that doesn’t seem to have thought much about this yet. With the GDPR coming into effect in May, they’d better get thinking now.
THE GDPR WILL ALSO HAVE A BIG IMPACT ON COMPANIES gathering and processing location data. Here’s my other article for the International Association of Privacy Professionals this month: http://bit.ly/2FClSft
To support my work, please consider visiting my Patreon page or buying my book, Control Shift: How Technology Affects You and Your Rights.
GOOGLE HAS PUBLISHED AN INTERESTING piece of research into its application of the EU “right to be forgotten”. Turns out a third of the requests are for the removal of social network or directory information. Also, Brits, Germans and the French are particularly enthusiastic asserters of the right: http://bit.ly/2FCD83V
YOU KNOW HOW ALMOST EVERYONE SAYS ELECTRONIC VOTING is a bad idea, because of the difficulty of auditing the results while ensuring voting secrecy? Well, the Democratic Republic of Congo is going ahead with it anyway, ignoring the objections of the United Nations Security Council, the Catholic Church and various countries including the US: http://bit.ly/2BKPgjp
“It’s not a cheating machine,” said the Independent National Electoral Commission (CENI), which is exactly what you want to hear when the incumbent president, Joseph Kabila, still hasn’t said whether he will step down as the DRC constitution demands, and when protests are being bloodily quelled (it probably goes without saying that the authorities cut internet and mobile data access during the protest: http://bit.ly/2FaWlMr).
The church wants CENI to let national and international experts certify the Korean-made electronic voting machines, and the opposition has reportedly rejected their use entirely for the upcoming December election. So has US ambassador to the UN, Nikki Haley: “These elections must be held by paper ballot so there is no question by the Congolese people about the result.”
IF A LIBELLOUS TWEET CAN GO VIRAL, then it only makes sense that the apology should do so as well. As Buzzfeed UK political editor Jim Waterson pointed out, it seems Conservative MP Ben Bradley was forced, as part of a legal settlement, to ask his Twitter followers to retweet his apology to Labour leader Jeremy Corbyn for falsely alleging that he “sold British secrets to communist spies”: http://bit.ly/2BRox4Z
Bradley’s apology tweet duly went properly viral, amassing 38,000 retweets in a day. On the plus side, the Tory just made his most popular tweet ever. Engagement!
SIGNAL’S ENCRYPTED MESSAGING PROTOCOL now powers WhatsApp and the secret chats in Facebook Messenger and Google Allo (does anyone actually use that, by the way?), as well as the Signal client itself, of course.
So it’s nice to see the creation of the Signal Foundation, a new non-profit with $50 million in initial funding from WhatsApp co-founder Brian Acton. That means more maintenance for Signal, and maybe some new apps. As Acton wrote: “Our long-term vision is for the Signal Foundation to provide multiple offerings that align with our core vision.” http://bit.ly/2oqJcWb
MORE ON THE INFLUENCE OF FACEBOOK ADS on the 2016 US election, this time in an interesting Wired article that suggests Donald Trump’s own ads were way more influential than those pumped out by Russian agents – and that Trump paid less per ad than rival Hillary Clinton did: http://bit.ly/2EQUmtd
From the piece: “If Facebook’s model thinks your ad is 10 times more likely to engage a user than another company’s ad, then your effective bid at auction [for an advertising spot] is considered 10 times higher than a company willing to pay the same dollar amount. A canny marketer with really engaging (or outraging) content can goose their effective purchasing power at the ads auction, piggybacking on Facebook’s estimation of their clickbaitiness to win many more auctions (for the same or less money) than an unengaging competitor…
“… because Trump used provocative content to stoke social media buzz, and he was better able to drive likes, comments, and shares than Clinton, his bids received a boost from Facebook’s click model, effectively winning him more media for less money.”
However, Facebook hit back by claiming that Trump’s campaign actually paid more per click, rather than less: http://for.tn/2oEgqjR
SECURITY GURU BRUCE SCHNEIER MAKES A GOOD POINT about the foolishness of former Trump campaign manager Paul Manafort, whose indictment details the digital trail proving (allegedly) fraudulent acts. In a nutshell, Manafort lacked the technical savvy to (allegedly) doctor profit and loss statements in order to secure bank loans, so he (allegedly) got associate Rick Gates to do it for him. The back-and-forth (alleged) doctoring took place over email.
“If there’s a lesson here, it’s that the Internet constantly generates data about what people are doing on it, and that data is all potential evidence. The FBI is 100% wrong that they’re going dark; it’s really the golden age of surveillance,” said Schneier. http://bit.ly/2oAZGu2