Microsoft breaches data protection law in the Netherlands because of the way its Windows 10 operating system processes personal information, according to a report.
The Dutch Data Protection Authority (DPA) also said users were not clearly informed about what data the technology giant was using.
There were four million active devices in Holland using Windows 10, it said.
Microsoft said it was “a priority” for the company to comply with Dutch law.
The DPA said that sanctions could be imposed if Microsoft failed to resolve the issues but did not detail what they might be.
The report claims that Windows 10 users “lack control of their data” because of the approach of Microsoft.
“It turns out that Microsoft’s operating system follows about every step you take on your computer. That results in an intrusive profile of yourself,” said Wilbert Tomesen, vice-chairman of the DPA.
“What does that mean? Do people know about this? Do they want this? Microsoft needs to give users a fair opportunity to decide about this themselves.”
Microsoft responded in a blog post.
It said that its latest update did give users of Windows 10 the opportunity to learn about privacy controls, and that users were informed in various documents and statements about why it processed data, including the performance of the device and apps installed.
“Windows collects data so that we can be responsive to your needs and interests,” wrote Marisa Rogers, Microsoft’s Windows and devices group privacy officer.
Ms Rogers later added that the company was “listening and responding” to feedback both from customers and regulators.
The technology giant also published a list of DPA claims that it said were inaccurate.
Posts Tagged ‘#data #privacy’
Microsoft breaches data protection law in the Netherlands because of the way its Windows 10 operating system processes personal information, according to a report.
Leading progressive organizations hope to turn the reform of government surveillance programs into a litmus test for 2020 presidential candidates.
In a letter to congressional Democrats, 34 groups, led by the digital rights-focused Demand Progress Action, demand new protections for civil liberties in the reauthorization of a key surveillance law. The groups favor allowing the expiration of Section 702 of the Foreign Intelligence Surveillance Act, which enables the federal government to search the electronic communications of Americans without a warrant.
Given the political difficulty of such a goal, however, the groups are trying to leverage Democrats’ fear of overreach by President Donald Trump to unite the party behind a more limited, but nonetheless sweeping, set of reforms aimed at preventing surveillance of Americans without a warrant.
“The Trump administration has made no secret of its desire to criminalize people of color and activists,” the letter says. “No Democrat should support a law that grants Trump the ability to spy — without a court-issued warrant — on the more than 325 million people that live in this country.”
Section 702, which Congress added to FISA in 2008, allows the attorney general and director of national intelligence to order the surveillance of non-Americans “reasonably believed to be located outside the United States” for the collection of foreign intelligence information.
The provision is the legal basis for two digital data collection programs revealed by former National Security Agency contractor Edward Snowden in June 2013. The NSA uses its Prism program to collect data from Google, Facebook, Apple and Microsoft that is sent to or from a foreigner targeted for national security or intelligence reasons, and its “upstream” collection picks up communications from the international fiber-optic cables that transport phone and internet data across borders.
The law limits data collection to foreigners not on United States soil, but it places no such limits on searching already-collected data. As a result, civil liberties groups say, the provision has been used to create a “back-door” search mechanism granting the government access to data involving U.S. citizens, green-card holders, and foreigners living in the U.S. who corresponded with a targeted foreigner.
Until April, the NSA’s Upstream program had been collecting data on Americans’ whose electronic communications contained the contact information of a targeted foreigner, even if a foreigner targeted for security or intelligence purposes was not involved in the correspondence. That tactic is known as “about” collection.
The NSA discontinued the practice after it could not find a way to maintain it and remain in compliance with FISA court rules permitting the Upstream program.
But were it not for Snowden’s leaks, civil liberties advocates noted, the “about” searching would never have been discovered and stopped. (Snowden argued on Twitter that the cessation of the practice would be “the most substantive of the post-2013 NSA reforms, if the principle is applied to all other programs.”)
Progressive organizations believe wariness of Attorney General Jeff Session and President Donald Trump could solidify Democratic support for major surveillance reform.
For Demand Progress Action ― and allies on the letter, including the American-Arab Anti-Discrimination Committee, the Asian American Legal Defense and Education Fund, Color of Change, and Credo ― the exposure shows that FISA courts alone are not enough to ensure that the federal government respects the constitutional right to privacy enshrined in the Fourth Amendment. Demand Progress Action’s policy arm documented numerous other violations of FISA rules in a September report, making the case that FISA courts have proven incapable of deterring intelligence agency abuses under Section 702.
Section 702 has “grown into a tool so powerful that it is changing the way innocent people speak and associate,” the letter says.
Left unchecked, the federal government, particularly under Trump’s leadership, is liable to abuse its powers in even more pernicious ways, the letter says. It points to intelligence agencies’ historic use of mass surveillance to engage in political persecution against Martin Luther King Jr. and other progressive leaders as an indication of what is possible.
“Surveillance has always been justified on the back of national security concerns, even though on many occasions it has been employed to counter progressive reform movements, and it invariably disproportionately targets communities of color and people working for social change,” the letter says.
The progressive organizations propose far-reaching reforms. They want Congress to write into the law the NSA’s cessation of “about” searches in which neither correspondent is a foreigner based in a different country. Further, they would have Congress explicitly forbid the federal government from accessing the data of U.S. citizens, green-card holders and foreigners living in the United States without a court-issued warrant.
Additionally, they are pressing Congress to force the NSA to disclose how much data it has collected on American citizens, green-card holders and foreigners on U.S. soil, and require the Department of Justice’s Office of Legal Counsel to explain how it is interpreting Section 702.
The groups are also seeking to revise a procedure known as “parallel construction,” in which the government uses secretly collected information against defendants without disclosing to them or courts the origin of the evidence. The practice prevents Americans and foreigners living in the U.S. from challenging evidence prosecutors launder from national security-related searches and later share with other law enforcement authorities.
Finally, the progressive groups are trying to limit the re-authorization of the FISA Act to a single year “so that Congress and the public have the opportunity to re-examine how (and if) the Trump-run surveillance agencies operate under the framework it enshrines.”
There is a broad set of Democratic activists and voters who are very concerned about affording these sorts of powers to Trump.
David Segal, Demand Progress Action
Even under President Barack Obama, civil libertarians had limited success curtailing the authority of the NSA and other intelligence agencies, thanks to post-9/11 laws expanding their powers.
A June 2015 reform entitled the USA Freedom Act transferred the storage of phone data previously held by the NSA to phone companies and required the federal government to petition a federal court to search the cache.
But civil liberties groups, including Demand Progress Action, considered the measure a fig leaf for real reform, arguing that the NSA’s practice of searching personal data on tens of millions of Americans would continue through a different process.
In December 2012, prior to Snowden’s revelations, Congress quietly renewed the 2008 amendments to the FISA Act for five years.
Support for substantial reform of the FISA Act has grown stronger in libertarian wings of both parties, but political backing for the status quo has proven resilient. A bipartisan amendment to the annual defense spending bill that would have barred the NSA from using federal dollars to conduct back-door searches on Americans’ data passed the House twice in 2014 and 2015, before being stripped out in the Senate. In June 2016, following the massacre at the Orlando nightclub, the House defeated the amendment by a narrow margin.
Ahead of the December deadline for reauthorization of the FISA Act, the prospects for deep reforms of the kind advocated by organizations like Demand Progress Action and libertarian conservative outfits like FreedomWorks has grown more remote ― not least because of the Trump administration’s hostility to those efforts. A White House official said in March that the administration supports a “clean reauthorization” free from reforms aimed at buttressing privacy rights.
Attorney General Jeff Sessions, Director of National Intelligence Dan Coats, FBI Director Chris Wray and NSA Director Michael Rogers are likely to make their views known in a classified briefing on Section 702 for members of Congress on Wednesday.
Meanwhile, a group of hawkish Senate Republicans led by Sen. Tom Cotton (R-Ark.) introduced a bill in June that would permanently reauthorize Section 702.
David Segal, executive director of Demand Progress Action, said the group’s effort aims to consolidate Democratic support for reform.
“There is a broad set of Democratic activists and voters who are very concerned about affording these sorts of powers to Trump,” Segal said. “They’ll be watching how everybody votes on this issue with particular attention to people running for president ― Sens. Bernie Sanders, Kamala Harris, Kirsten Gillibrand, Corey Booker and others ― when they consider who has the interests of communities that comprise the Democratic Party in mind.”
Democrats who may have been less sensitive to those concerns under the Obama administration might reconsider now that Trump is president, according to Segal.
“Because they trusted Obama, they helped erect surveillance structures that amount to a turnkey tyranny that Donald Trump can steward,” Segal said. “There’s now an understanding of the danger of having people like Trump and Jeff Sessions having control over these extraordinary powers.”
Scrolling through an ad-free Instagram is now a distant memory, much like the once ad-free Facebook itself. Soon, users of its Messenger app will begin to see advertisements, too — and WhatsApp may not be too far behind.
Welcome to the Facebook ad creep.
The world’s biggest social media company has squeezed about as many ads onto its main platform as it can. The fancy term for this is “ad load,” and Facebook warned investors back in 2016 that it has pretty much maxed it out . Put any more ads in front of users and they might start complaining — or worse, just leave.
As such, Facebook, a free service that relies almost completely on ads to make money, has to keep finding new and creative ways to let businesses hawk their stuff on its properties.
One solution is to spread ads beyond Facebook itself, onto the other popular messaging and photo-sharing apps it owns.
So far, it’s working. On Wednesday, Facebook posted a 71 percent increase in net income to $3.89 billion, or $1.32 per share, from $2.28 billion, or 78 cents a share, a year ago.
Revenue for the three months that ended on June 30 rose 45 percent to $9.32 billion from $6.44 billion. The Menlo Park, California-based company’s monthly active user base grew 17 percent to 2.01 billion.
Ads began arriving on Instagram, which Facebook bought in 2012 for $1 billion, in 2013. It was a slow and careful rollout, and tells us a lot about Facebook’s subsequent ad strategy.
The company didn’t want to upset Instagram’s loyal fans, who were used to scrolling through beautiful landscapes, stylized breakfast shots and well-groomed kittens in their feed. An ad for headache pills would have interrupted the flow. So Instagram started off with just a few ads it considered “beautiful,” selected from hand-picked businesses. For a while, CEO Kevin Systrom reviewed every ad before it went live.
Four years later, things have changed a bit, although to Instagram’s credit, not so much as to alienate significant numbers of its 700 million users (up from 100 million in 2013). There are more ads now, Systrom no longer inspects them before publication, and while many could still be called “beautiful,” users are also likely to see generic ads not specifically created for Instagram.
By this point, though, people seem to have gotten used to them.
Facebook has already been testing ads on its primary chat app, and earlier this month it announced it will expand this test globally. Paralleling its experience with Instagram, Facebook told developers and businesses they can start showing ads — specifically for brands that people “love” or that offer an “opportunity to discover experiences” — to Messenger’s 1.2 billion users.
A tsunami it won’t be. Facebook product manager Ted Helwick wrote in a blog post that a “small percentage” of Messenger users will start seeing ads by the end of July. The company will then study that limited rollout to ensure that it’s delivering “the best experience.”
Of course, even a small percentage of 1.2 billion users could be tens of millions of people. But this gives Facebook a chance to see what works and what doesn’t without mass revolt.
And it highlights the importance of Facebook’s decision to spin out the Messenger app from its main Facebook app (and to start pressuring people to use it ). While Facebook billed its decision as a way to make Messenger easier to use, it also essentially doubled the available real estate for its mobile ads.
In a conference call with analysts on Wednesday, CEO Mark Zuckerberg said he wants to see the company “move a little faster” when it comes to ads on Messenger, but added that he is “confident that we’re going to get this right over the long term.”
WHATSAPP AND MORE
With its popularity outside the U.S. and in developing countries, WhatsApp might be a harder nut to crack when it comes to ads. But there are signs it’s coming. It’s true that WhatsApp’s CEO Jan Koum promised users they can count on ” absolutely no ads interrupting your communication” when Facebook bought the company in 2014 for $19 billion.
That doesn’t mean that ads will appear on WhatsApp right away. But in the same post, the company also said it wants people to be able to communicate with businesses, not just people. That’s exactly how Messenger began dabbling in the advertising business.
What else can Facebook do?
“One, they will raise their rates on ads,” said Matt Britton, CEO of social media marketing company CrowdTap. “Because they can. The value is tremendous for advertisers right now, including for video ads.”
For eMarketer analyst Debra Aho Williamson, Facebook video presents the biggest opportunity for ad-business growth. How people will respond to Messenger ads remains uncertain, she said. But with video, Facebook is doing what people already know, taking short and long-form programs and inserting ads in the middle.
That lets Facebook attract money from “traditional video advertisers,” she said — meaning the folks who honed their talents inserting ads into prime-time shows.
We covered a ton of legal cases in 2016.
The entire Apple encryption saga probably grabbed the gold medal in terms of importance. However, our coverage of a California fisherman who took a government science buoy hostage was definitely our favorite. The case was dropped in May 2016 after the fisherman gave the buoy back.
Among others, we had plenty of laser strike cases to cover. There were guilty verdicts and sentencing in the red-light camera scandal that consumed Chicago. The Federal Trade Commission settled its lawsuit with Butterfly Labs, a failed startup that mined Bitcoins. A man in Sacramento, California, pleaded guilty to one count of unlawful manufacture of a firearm and one count of dealing firearms—he was using a CNC mill to help people make anonymous, untraceable AR-15s.
While we do our best to cover a wide variety of civil and criminal cases, there are five that stand out to us in 2017. These cases range from privacy and encryption, to government-sanctioned hacking, to the future of drone law in America.
Drone’s up, don’t shoot
After neighbor shot down his drone, Kentucky man files federal lawsuit
In 2016, we reported on another drone shooting incident (seriously folks, don’t do it!) in Virginia. A 65-year-old named Jennifer Youngman used her 20-gauge shotgun to take out what many locals believe was a drone flying over her neighbor, Robert Duvall’s, adjacent property. Yes, that Robert Duvall.
“The man is a national treasure and they should leave him the fuck alone,” she told Ars.
Youngman touched on a concept that many Americans likely feel in their gut but has not been borne out in the legal system: property owners should be able to use force to keep unwanted drones out of their airspace. But here’s the thing: for now, American law does not recognize the concept of aerial trespass.
At this rate, that recognition will likely take years. Meanwhile, drones get more and more sophisticated and less expensive, and they have even spawned an entire anti-drone industry.
Legal scholars have increasingly wondered about the drone situation. After all, banning all aircraft would be impractical. So what is the appropriate limit? The best case law on the issue dates back to 1946, long before inexpensive consumer drones were feasible. That year, the Supreme Court ruled in a case known as United States v. Causby that Americans could assert property rights up to 83 feet in the air.
In that case, US military aircraft were flying above a North Carolina farm, which disturbed the farmer’s sleep and upset his chickens. As such, the court found that Farmer Causby was owed compensation. However, the same decision also specifically mentioned a “minimum safe altitude of flight” at 500 feet—leaving the zone between 83 and 500 feet as a legal gray area.
“The landowner owns at least as much of the space above the ground as he can occupy or use in connection with the land,” the court concluded.
In 2015, a Kentucky man shot down a drone that he believed was flying above his property. The shooter in that case, William Merideth, was cleared of local charges, including wanton endangerment.
Man who built gun drone, flamethrower drone argues FAA can’t regulate him
By January 2016, the Kentucky drone’s pilot, David Boggs, filed a lawsuit asking a federal court in Louisville to make a legal determination as to whether his drone’s flight constituted trespassing. Boggs asked the court to rule that there was no trespass and that he is therefore entitled to damages of $1,500 for his destroyed drone.
Although the two sides have traded court filings for months, the docket has not been updated since June 2016, when Boggs’ attorneys pointed to a recent case out of Connecticut that found in favor of the Federal Aviation Administration’s regulation of drones.
As Boggs’ legal team wrote:
The Haughwout pleadings are directly relevant to the subject matter jurisdiction issue currently before the court. The current dispute turns on whether a controversy has arisen that cannot be resolved without the Court addressing a critical federal question—the balance between the protection of private property rights versus the safe navigation of federal airspace. The Haughwout dispute places this critical question in the context of an administrative investigation. It highlights, as argued by Mr. Boggs—and now the FAA—that questions involving the regulation of the flight of unmanned aircraft should be resolved by Federal courts.
US District Judge David J. Hale has yet to schedule any hearings on the matter.
KickassTorrents lawyer: “torrent sites do not violate criminal copyright laws”
In July 2016, federal authorities arrested the alleged founder of KickassTorrents (KAT). The arrest was part of what is probably the largest federal criminal complaint in an intellectual property case since Megaupload, which was shuttered in early 2012. (That site’s founder, Kim Dotcom, has successfully beat back efforts to extradite him from New Zealand to the United States. He was ordered extradited a year ago, but that court decision is now on appeal.)
In the case of KAT, Ukranian Artem Vaulin, 30, was formally charged with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement. Vaulin was arrested in Poland, where he remains in custody pending a possible extradition to the United States.
Like The Pirate Bay, KAT does not host individual infringing files but rather provides torrent and magnet links so that users can download unauthorized copies of TV shows, movies, and more from various BitTorrent users.
According to the 50-page affidavit, Vaulin and KAT’s claims that they respected the Digital Millennium Copyright Act were hogwash. The affidavit was authored by Jared Der-Yeghiayan, who is a special agent with Homeland Securities Investigations and was also a key witness in the trial of Silk Road founder Ross Ulbricht.
Vaulin has since retained Dotcom’s lawyer, Ira Rothken, who has made similar arguments in court filings on behalf of his more famous client. Namely, that there is no such thing as secondary criminal copyright infringement, and while some files uploaded to KAT may have violated copyright, that does not make Vaulin a criminal.
Rothken has not yet been able to directly correspond with or even meet his Ukrainian client (and has to do so only through Polish counsel). Nevertheless, he filed a motion to dismiss in October 2016. The government responded weeks later, and Rothken filed another response on November 18.
Prosecutors, for their part, said that the Rothken-Vaulin theory was ludicrous: “For the defendant to claim immunity from prosecution because he earned money by directing users to download infringing content from other users is much like a drug broker claiming immunity because he never touched the drugs.”
The two sides met before US District Judge John Z. Lee for a status conference on December 20, 2016. Judge Lee has not yet ruled on the motion to dismiss.
Jenny always uses Facebook carefully. She knows the company probably knows more about her than most of her friends – the location settings might show she spent time in hospital last week, for instance – but she’s careful with what she posts. Her WhatsApp is similar. Nothing too sensitive. But the app does have access to her phone contacts, so could see the number of her counsellor, and of the addiction clinic she’s been in touch with. If those two sets of data were put side by side, Jenny’s personal, private information suddenly wouldn’t seem quite so private.
That’s the worry that many could be facing as a result of Facebook’s decision to co-opt some of the data of WhatsApp customers. It’s a worry I share. I don’t think people have been given enough information about what Facebook plans to do with WhatsApp users’ data, and that’s left people concerned about how extensive the data sharing could be. And I don’t think users have been given enough control over what’s happening.
My office has asked both companies to pause what they’re doing, which they have, and we’ve asked them to commit to doing things differently, which so far they have not.
Consumers are protected by the law. The Data Protection Act requires businesses to use people’s information fairly, and in this case that means telling them what is happening. What’s more, we’re clear that WhatsApp needs to get its users’ permission to use the data in some of the ways it plans to, and the “are you happy with our new terms and conditions?” option it has taken so far doesn’t do that.
Clearly our work here is ongoing. As it stands, unless you opt out of data sharing within the first 30 days, the only option if you’re not happy is to delete your account. As a Canadian living in Cheshire who uses WhatsApp to stay in touch with my kids, I know from personal experience how impractical that is.
We all rely on digital services for important parts of our lives. But these apps create rich portraits of who we are, even when we are careful what we post, and the companies have legal responsibilities to treat that data with proper care and respect.
There’s always a concern when personal data becomes an asset to be bought and sold
Of course we could all be more careful ourselves. Most of us would benefit from a quick audit of what access we’re giving to our apps: are location settings turned on? Does it really need access to our contacts? Using the highest privacy settings when you first create a profile, then gradually adjusting them as you feel comfortable is always a good rule of thumb.
In some cases we’re happy to accept making information available. We can appreciate that to get a good service – to get a free service – we sometimes have to share our data. That’s our entry fee, and so long as it’s clear what information is being gathered, and what it’s being used for, then that’s fine.
But what about Jenny’s problem? We might be happy with the data deal we’ve agreed with one service, happy with the deal with a second, but not happy when the two services come together.
This is a growing problem. There’s a clear trend of technology companies buying up smaller services specifically to access their customers’ information. Social media companies are of particular value here. There’s always a concern when personal data becomes an asset to be bought and sold. That concern is greater still when the value of a merger is based primarily on how a company thinks they can match up customer details they’re buying with customer details they hold themselves.
Don’t let WhatsApp nudge you into sharing your data with Facebook
The difficulty with digital services is that because we’re so invested in them, we become dependent on a service that we can’t always easily extricate ourselves from. As big companies buy up their competitors, are there realistic alternative services out there? And even if I can find an alternative messaging service to WhatsApp, that only works for me if my friends and family move service too. In those situations, we need to have better protections for consumers.
And that’s just the consumer angle. Do these deals cause ripples of concern among diplomats and politicians, who are said to rely on tools like WhatsApp?
It’s a problem that overlaps data protection and competition law. We need to start thinking more about the obligations that follow personal data, and how people are being protected. If a company makes a promise, then that promise needs to be honoured, irrespective of corporate manoeuvres.
A successful digital economy is important to us all. The economy wants the jobs it brings, the companies want the profits it offers, and we all want the services that make our lives easier. But the whole building begins to crumble if the foundations aren’t secure. If people feel they are losing control of information that profiles entire aspects of their lives, that should be a very real concern.