WELCOME to Connected Rights, your portrait in the attic of digital rights news and analysis.

Enjoy this newsletter? Forward it to a friend or get them to sign up. I’m David Meyer, aka @superglaze on Twitter and @davidmeyerwrites on Facebook. Don’t forget to check out the Connected Rights website and download a copy of my book, Control Shift: How Technology Affects You and Your Rights. Siyalemukela!

WHEN BOMBERS STRUCK IN SRI LANKA, killing hundreds of people who were at church on Easter Sunday, the authorities shut off access to Facebook and YouTube. Was this a good idea?

Tech journalism guru Kara Swisher wrote in a New York Times op-ed that her initial reaction was “yes,” as the move may have stopped more violence due to the spread of false reports about the attacks. “Stop the Facebook/YouTube/Twitter world — we want to get off,” she wrote. “Obviously, that is an impossible request and one that does not address the root cause of the problem, which is that humanity can be deeply inhumane. But that tendency has been made worse by tech in ways that were not anticipated by those who built it.”

“Social media has blown the lids off controls that have kept society in check. These platforms give voice to everyone, but some of those voices are false or, worse, malevolent, and the companies continue to struggle with how to deal with them,” Swisher wrote, before adding that “shutting social media down in times of crisis isn’t going to work” because, as a tech executive told her, “it’s too late.”

Indeed, as this Gizmodo piece explains, Facebook is “inextricable entwined into the DNA” of the Sri Lankan economy, society and politics, largely due to its expansion there via the Free Basics program. The social network played a big role in helping people push back against an authoritarian coup there. “Even within a single country in one year, the same platform can be responsible for amplifying both deadly hate speech and elevating democratic values,” the article notes.

“Curbing civil liberties and civil rights doesn’t make people more safe. These are societal issues that are going to take long-term solutions,” Freedom House analyst Allie Funk told Wired. Others pointed out that social networks were crucial for letting people confirm that their loved ones are safe after a terrorist attack.

Simple answers? Good luck finding them.

PRIVACY IS NO LONGER JUST A MATTER for privacy regulators. As I wrote in a piece for IAPP’s Privacy Advisor, the issue is now also firmly on the radar of many competition watchdogs, too.

The big case here was the German antitrust authority’s decision earlier this year to tackle Facebook over its exploitative terms, which effectively force users to agree to the harvesting and processing of their data from third-party sites. The European Data Protection Supervisor thinks this will be the start of a trend, but some don’t think the trend will play out in Europe so much, due to the tough sanctions available under the GDPR. Instead, they say, we should keep an eye out for how the situation evolves elsewhere, such as the U.S., where state attorneys general are fretting about the same issues that animated the German regulator.

THE FEDERAL TRADE COMMISSION IS LOOKING AT MARK ZUCKERBERG’S personal accountability for Facebook’s mishandling of user data, according to a Washington Post report.

As Tony Romm writes: “Such a move could create new legal, political and public-relations headaches for one of Silicon Valley’s best-known — and most image-conscious — corporate leaders. Zuckerberg is Facebook’s co-founder, chief executive, board chairman and most powerful stock owner, and a sanction from the federal government would be seen as a rare rebuke to him and the tech giant’s ‘move fast and break things’ ethos.”

FACEBOOK “UNINTENTIONALLY” UPLOADED THE EMAIL CONTACTS of 1.5 million people without their consent. ‘Twas Business Insider’s scoop: “The revelation comes after pseudononymous security researcher e-sushi noticed that Facebook was asking some users to enter their email passwords when they signed up for new accounts to verify their identities, a move widely condemned by security experts. Business Insider then discovered that if you entered your email password, a message popped up saying it was ‘importing’ your contacts without asking for permission first.”

ON THURSDAY, AKA MUELLER REPORT DAY, FACEBOOK decided to use the attention diversion as an opportunity to quietly admit that millions of Instagram passwords were also stored in a non-encrypted format on internal systems, alongside the hundreds of millions of Facebook users’ passwords regarding which the company already fessed up last month.

THE EUROPEAN COMMISSION HAS WEIGHED IN on the WHOIS vs. GDPR argument, taking the side of privacy advocates. WHOIS thinks collecting data in order to satisfy lawful data disclosure requests is a legitimate purpose under the GDPR. The Commission does not, saying it “considers that the purposes for processing WHOIS personal data by ICANN and/or the contracted parties should not include enabling access by third parties.”

BRITISH INTELLIGENCE AGENCIES AND INTERNET SAFETY WATCHDOGS are worried about a potential update to Google’s Chrome that would encrypt the web addresses that people visit, making it harder for spies to snoop and for filtering tools to function. The Sunday Times reported that there will be “crisis talks” on May 8, involving the U.K.’s biggest Internet service providers. Here’s a Forbes piece going into the technical details.

DON’T INSTALL GOOGLE’S NEST CAMS ABOVE your kids’ beds, is the big lesson learned by a Californian family after hackers played pornography to their three-year-old daughter through the device’s intercom feature. Google’s take? The parents should have activated the two-factor authentication option on their account, which is not pushed on them by default.

As this Washington Post piece explains: “Nest could make it more difficult for hackers to break into Nest cameras, for instance, by making the log-in process more cumbersome. But doing so would introduce what Silicon Valley calls ‘friction’ — anything that can slow down or stand in the way of someone using a product.”

WANT TO AVOID YOUR KIDS GAMING THE FACIAL RECOGNITION lock on your laptop? Don’t pose for photos. Irish MEP Matt Carthy tweeted yesterday that he discovered his offspring had been using the picture on his election leaflets to get into his PC while he was away. “I’m not sure whether to be proud by the wit or concerned by the sneakiness,” he said.

THE EFF’S JILLIAN YORK DISCOVERED VIA A FRIEND THAT HER IMAGE was included in a U.S. government database that’s being used to train facial-recognition algorithms. The database includes pictures of 3,500 people taken from the Web. All the shots seem to have been uploaded under a Creative Commons license, meaning their use required no notification or consent.

From the Financial Times’ article on this: “The dataset containing Jillian York’s face is one of a series [that] have been cited by academics in 21 different countries, including China, Russia, Israel, Turkey and Australia.  They have been used by companies such as the Chinese AI firm SenseTime, which sells facial-recognition products to the Chinese police, and the Japanese IT company NEC, which supplies software to law enforcement agencies in the US, UK and India. The images in them have even been scraped by the National University of Defense Technology in China, which is controlled by China’s top military body, the Central Military Commission.”

That’s one heck of a thing to find out as a privacy activist!