Tag: privacy

Categories
Health

New York Metropolis’s Vaccine Passport Plan Renews On-line Privateness Debate

New York City’s Vaccine Passport Plan Renews Online Privacy Debate

When New York City announced on Tuesday that people will soon have to show evidence of at least one coronavirus vaccine to get into businesses, Mayor Bill de Blasio said the system was “simple – just show it and you’re in”.

The data protection debate, which rekindled the city, was less straightforward.

Vaccination records showing proof of vaccination, often in electronic form such as an app, are the foundation of Mr de Blasio’s plan. For months, these records – also known as health cards or digital health certificates – have been discussed around the world in order to provide a safe gathering for vaccinated people who are less at risk from the virus. New York will be the first U.S. city to include these passports in a vaccine mandate, and potentially trigger similar actions elsewhere.

But mainstreaming those credentials could also usher in an era of increasing digital surveillance, privacy researchers said. This is because vaccine passports can allow location tracking, although there are few rules about how people’s digital vaccine data can be stored and shared. While existing data protection laws restrict the exchange of information between medical providers, there is no such rule for uploading your own data to an app.

The moment is reminiscent of the months after the September 11, 2001 attacks, said privacy advocates. Back then, changes in the name of national security had lasting effects, including taking off shoes at airports and the data collection made possible by the Patriot Act.

Without security, presenting a digital vaccination record every time people enter a public place could result in a “global map of the people,” said Allie Bohm, a political advisor to the New York Civil Liberties Union. The information could be used for profit by third parties or disclosed to law enforcement or immigration authorities, she said.

“How do we make sure that in 20 years we won’t say, ‘Well, there was Covid, so now I have this passport on my cell phone, which is also my driver’s license and also all the health records I have ever had? and every time I go to a store, do I have to leaf through it? ‘”said Ms. Boehm.

She added that the passports could particularly disadvantage groups who are more concerned about privacy, including those without papers. The New York Civil Liberties Union and other advocacy groups have supported laws to prevent vaccination records from being shared with law enforcement and to ensure passports don’t become permanent health trackers.

Vaccination records were introduced in the United States largely without a national framework. President Biden has ruled out a national vaccination record so that states, cities and private companies can decide if and how to have their own electronic systems to keep track of people who have been vaccinated.

Some companies that have developed digital vaccination records have tried to forestall privacy concerns. Over 200 private and public organizations recently joined the Immunization Card Initiative, a coalition aimed at standardizing the collection and protection of vaccination data.

Many developers said they went out of their way to make sure the passports didn’t break the privacy boundaries. Clear Secure, a security company that has created a health passport that is used by over 60 organizations, including many sports venues, said that its users’ health information has been “treated with the utmost care” and protected by a variety of tools. Employers or venues can only see a red or green signal that indicates whether a user has been vaccinated, it said.

The Commons Project, a non-profit organization that developed a vaccine passport called CommonPass, stores vaccine and test data on users’ phones and only temporarily uploads the information to a server to verify that a traveler meets the requirements. Airlines that have introduced CommonPass, including JetBlue and Lufthansa, can only see if a passenger has been cleared for travel, it said.

JP Pollak, a co-founder of the Commons Project, said the group’s vaccination record is “trustworthy” as users’ data has not been stored in the cloud and the passport restricts the information companies can see.

But while vaccine passports are still in the making, Covid-19 contact tracing apps that were introduced earlier in the pandemic have already been used by more authoritarian countries in a way that raises privacy issues. That gives researchers little confidence about how those vaccine passports might be used later.

For example, in China, a program called “reportInfoAndLocationToPolice” within the Alipay Health Code, used by the Chinese government to assess people’s health, sends a person’s location, city name, and identification code number to a server once the user agrees software access to personal data.

In Singapore, officials said in January that data from the country’s coronavirus contact tracing system had been used in a criminal investigation, despite leaders originally saying it was only used for contact tracing. In February, Singapore passed law restricting such use to “serious” criminal investigations.

“One of the things we don’t want is that we normalize surveillance in an emergency and we can’t get rid of it,” said Jon Callas, the director of technology projects at the Electronic Frontier Foundation, a digital rights group.

Although such incidents do not occur in the United States, researchers already see potential for a handover. Several pointed to New York City, where proof of compulsory vaccination begins August 16 and will be enforced from September 13.

For evidence, people can use their paper vaccination cards, the NYC Covid Safe app, or another app called the Excelsior Pass. The Excelsior Pass was developed by IBM under an estimated $ 17 million contract with New York State.

To receive the pass, people upload their personal information. In the standard version of the pass, companies and third parties only see the validity of the pass and the name and date of birth of the person.

On Wednesday, the state announced the “Excelsior Pass Plus”, which not only shows whether a person has been vaccinated, but also provides additional information on when and where they were vaccinated. Companies that scan Pass Plus “may have the ability to save or retain the information it contains,” according to New York State.

The Excelsior Pass also has a “Phase 2” which could include expanding the use of the app and adding more information such as personal information and other health records that companies could review upon entry.

IBM said it used blockchain technology and encryption to protect user data, but didn’t say how. The company and New York State did not respond to requests for comment.

Mr de Blasio told WNYC in April that he understands the privacy concerns surrounding the Excelsior Pass but believes it will still “play an important role”.

Some federal states and cities are proceeding cautiously for the time being. More than a dozen states, including Arizona, Florida, and Texas, have announced bans on vaccination records in the past few months. The mayors of San Francisco, Los Angeles, and Seattle also said they would hold back on passport programs.

Some groups of companies and companies that have introduced vaccine passports said the privacy concerns were legitimate but addressable.

Airlines for America, an industrial trade group, said it supported vaccine passports and urged the federal government to put in place privacy standards. The San Francisco Chamber of Commerce, which helps its members work with Clear, said it was preferable to use the tools to ensure that only vaccinated people enter stores than to have companies close again when virus cases rise.

“People’s privacy is precious,” said Rodney Fong, President of the Chamber, but “when it comes to saving lives, privacy becomes a little less important.”

Categories
World News

Apple is popping privateness right into a enterprise benefit

Apple is turning privacy into a business advantage

Apple unveiled new versions of its operating systems on Monday which showed that the company’s focus on privacy has taken a new turn. It’s not just a corporate ideal or a marketing point anymore. It’s now a major initiative across Apple distinguishing its products from Android and Windows competition.

Apple has positioned itself as the most privacy-sensitive big technology company since Apple CEO Tim Cook wrote an open letter on the topic in 2014. Since then, Apple has introduced new iPhone features that restrict app access to personal data and advertised privacy heavily in television ads.

But Monday’s announcements showed that Apple’s privacy strategy is now part of its products: Privacy was mentioned as part of nearly every new feature, and got stage time of its own.

Privacy-focused features and apps announced by Apple on Monday for forthcoming operating systems iOS 15 or MacOS Monterey included:

  • No tracking pixels. The Mail app will now run images through proxy servers to defeat tracking pixels that tell email marketers when and where messages were opened.
  • Private Relay. Subscribers to Apple’s iCloud storage service will get a feature called iCloud+ which includes Private Relay, a service that hides user IP addresses, which are often used to infer location. An Apple representative said it’s not a virtual private network, a type of service often used by privacy-sensitive people to access web content in areas where it’s restricted. Instead, Apple will pass web traffic through both an Apple server and a proxy server run by a third party to strip identifying information.
  • Hide My Email. iCloud subscribers will be able to create and use temporary, anonymous email addresses, sometimes called burner addresses, inside the Mail app.
  • App Privacy Report. Inside the iPhones settings, Apple will tell you which servers apps connect to, shining light on apps that collect data and send it to third parties the user doesn’t recognize. It will also tell users how often the apps use the microphone and camera.

Leveraging Apple’s chip chops

With its focus on privacy, Apple is leaning on one of its core strengths. Increasingly, data is being processed on local devices, like a computer or phone, instead of being sent back to big servers to analyze. This is both more private, because the data doesn’t live on a server, and potentially faster from an engineering standpoint.

Because Apple designs both the iPhone and processors that offer heavy-duty processing power at low energy usage, it’s best poised to offer an alternative vision to Android developer Google which has essentially built its business around internet services.

This engineering distinction has resulted in several new apps and features that do significantly more processing on the phone instead of in the cloud, including:

  • Local Siri. Apple said on Monday that that Siri now doesn’t need to send audio recordings to a server to understand what they say. Instead, Apple’s own voice recognition and processors are powerful enough to do them on the phone. This is a major difference from other assistants like Amazon’s Alexa, which uses serversto decipher speech. It could also make Siri faster.
  • Automatically organizing photos. Apple’s photos app can now use AI software to identify things inside your photo library, like pets, or vacation spots, or friends and family, and automatically organize them into galleries and animations, sometimes with musical accompaniment. Many of these features are available in Google Photos, but Google’s software requires all photos to be uploaded to the cloud. Apple’s technology can do the analysis on the device and even search the contents of the photos with text.

Apple’s privacy infrastructure also allows it to expand into big new markets like online payments, identity, and health, both from a product and marketing perspective.

It can build new products while being sure that it’s following best practices for not collecting unnecessary data or violating policies like Europe’s strict General Data Protection Regulation (GDPR).

In addition, users may feel more comfortable about features that deal with sensitive data or topics — like finance or health — because they trust Apple and its approach to data.

Features introduced by Apple on Monday show how the company is using its user data position to break into these lucrative markets.

  • Monitoring walking health and sharing medical records. Apple’s health app can now use readings from an iPhone, such movement when the user is walking, to warn them that they might be at risk for a harmful fall because they’re walking unsteadily. Apple will also enable users who connect their iPhone to the health records system to share those records with a doctor, friends, or family. Health data is among the most heavily regulated types of data, and it’s hard to see Apple introducing these features unless it was sure that it had a good reputation among customers and internal competence with handling sensitive data. “Privacy is fundamental in the design and development across all of our health features,” an Apple engineer said while introducing the feature.
  • Government IDs, keycards and car keys in the Wallet app. Apple used the trust it’s built in privacy and security when it launched Apple Card, its credit card with Goldman Sachs, in which users sign up for a line of credit almost entirely inside the app. Now, Apple has introduced several new features for the Wallet app that are most attractive for users who believe Apple’s security and privacy are up to the task. In iOS 15, Apple will enable users to put in car or home keys in their wallet app, which means all someone needs to get inside is their phone. Apple also said, without a lot of details, that it is working with the Transportation Security Administration to put American ID cards, like a driver’s license, inside the Wallet app, too.

Cook has said “privacy is a fundamental human right” and that the company’s policies and his personal stance doesn’t have to do with commerce or Apple’s products.

But being the big technology company that takes data issues seriously could end up being lucrative and allow Apple more freedom to launch new services and products. Facebook, Apple’s Silicon Valley neighbor and vocal Apple critic, has increasingly dealt with challenges launching new products because of the company’s poor reputation on how it handles user data.

Americans also say that privacy is factoring into buying decisions. A Pew study from 2020 said that 52% of Americans decided not to use a product or service because of concerns over data protection.

Categories
Health

Privateness legal guidelines want updating after Google cope with HCA Healthcare, medical ethics professor says

Privacy laws need updating after Google deal with HCA Healthcare, medical ethics professor says

US privacy laws need to be updated, especially after Google signs a deal with a major hospital chain, medical ethics expert Arthur Kaplan said on Wednesday.

“Now we have electronic medical records, huge amounts of data, and it’s like asking a navigation system from a WWI plane to guide us to the space shuttle,” said Kaplan, professor at the Grossman School of New York University Medicine. said “The news with Shepard Smith.” “We need to update our privacy and informed consent requirements.”

On Wednesday, Google’s cloud unit and hospital chain HCA Healthcare announced a contract that, according to the Wall Street Journal, gives Google access to patient records. The tech giant said it will use it to develop algorithms to monitor patients and help doctors make better decisions.

Jonathan Perlin, HCA’s chief medical officer, told the Journal that the company will remove any identifying information before giving the data to Google so it won’t know who you are. HCA collects data from 32 million patient visits each year and has more than 2,000 locations in 20 states.

But Kaplan told host Shepard Smith that he was concerned that a company like Google, which does a lot of commercial advertising, could correlate and potentially sell the health system information.

“They may not have your name, but sure enough they can find out which subgroup and subpopulation is best by promoting you,” Kaplan said.

Neither Google nor HCA responded to CNBC’s request for comment.

Categories
Health

Vaccine passports may show to be a privateness minefield

Singapore Airlines, Qantas shares jump

Crew members and travelers of Singapore Airlines in the transit hall of Changi Airport in Singapore on January 14, 2021.

Facebook Facebook Logo Log in to Facebook to connect with Roslan Rahman AFP | Getty Images

When the EU announced its plans for a “digital green certificate” this month, the tourism industry breathed a sigh of relief that perhaps the summer could be saved.

Since the outbreak of the coronavirus pandemic, the concept of a “vaccination pass” has been regularly put into circulation. Once vaccinated against Covid-19, a person could carry proof of vaccination that would allow them to travel or access services that are otherwise closed under lockdown.

The EU certificate, which avoids the use of the term “passport”, would create a common digital system for Europe, probably in the form of a smartphone app, to prove vaccination, negative test or recovery of the virus.

EU Justice Commissioner Didier Reynders said a common EU-wide approach to such a certificate would “gradually restore freedom of movement in the region”.

“It is also an opportunity to influence global standards and lead by example based on our European values ​​such as data protection,” he said earlier this month.

Various industries around the world have been tinkering with these passes for months.

IBM is working with New York State on a digital health passport that uses blockchain technology to verify a person’s test or vaccine IDs. Walmart, who is shooting in its stores, recently backed the demand for vaccine certificates.

Apple and Google previously worked together to create standards for contact tracking in smartphones. The EU has suggested that the tech giants could once again partner with the World Health Organization in this effort, but WHO has since denied it.

Now that the adoption of vaccines is accelerating, the prospect of these digital passports or certificates has caught the attention of many different industries.

Data privacy

The aviation and tourism industries – both brutalized last year – were most likely to be interested in using this technology to reopen global travel.

The International Air Transport Association launched their “Travel Pass” late last year and started a test with Singapore Airlines this month.

According to Katherine Kaczynska, deputy director of corporate communications at IATA, the app was originally developed to provide evidence of a negative test. It will be expanded to include proof of vaccination.

Kaczynska added that IATA is not in favor of requiring vaccines for travel, but that the industry group is instead viewing the app as a way to open up international travel.

Ultimately, the system will be integrated into an airline’s app, but it needs to be coherent in how various vaccination passport proposals are launched and operated, Kaczynska told CNBC.

Vaccination records electronically store medical information that is displayed as a QR code.

da-kuk | E + | Getty Images

“We’re working closely with governments because we need to make sure things are interoperable,” she said.

“It is the governments that have to come up with a standard for digital vaccine certificates, and then we have to make sure that it works with the IATA Travel Pass and other apps. Ours are specifically designed for aviation, but for it to work there.” obviously there has to be interoperability between different standards. ”

In view of the sensitive health-related data, the launch of a digital service raises questions about privacy and data protection.

IATA works with Evernym, a blockchain company that has worked on various projects for digital decentralized identities, including a project with the Red Cross.

“The main thing about the IATA Travel Pass is that it is a decentralized technology, which basically means that not all data is stored in any way in a central database. All data is stored on the passenger’s phone,” said Kaczynska .

According to the European Commission, the EU executive, only “essential information” will be required for the proposed system. This includes vaccination or test data and a unique identifier for the certificate.

ethics

Nicole Hassoun, a professor at Binghamton University who specializes in public health ethics, said that providing any type of vaccination record on a large scale requires careful consideration.

With vaccines being distributed in a patchwork of demographics, passports or certificates need to allow for exceptions to avoid discriminating against those who have not yet been vaccinated or who have health reasons for not being vaccinated, she said.

“Maybe you would allow some sort of passport system, but then there have to be health exemptions. There have to be exemptions for the welfare of people who have really good reasons to access these services (e.g. travel),” Hassoun told CNBC .

This is partly why the EU proposal not only focuses on vaccination but also includes negative tests.

A particular concern is that vaccines are still very new. While data from countries like Israel look promising, more data is needed to review how effective the various vaccines are in reducing transmission and what long-term immunity will look like, Hassoun added.

“We need more data on the effects on transmission for people who have been vaccinated or those with natural immunity. How long will it take? What if there are new strains?” She said.

“We have to be careful of what the private sector is doing and what governments are doing, and making sure we regulate when we have to, and making sure they are fair to everyone.”

She warned that the provision of passports and certificates must be fair, as is currently not the case with the introduction of vaccines themselves. As western nations like the UK and the US advance, others are lagging behind, such as Brazil, which has suffered some of the worst outbreaks in the world and is grappling with its introduction.

For the EU, which is facing its own supply problems due to disputes with AstraZeneca, the clock is ticking to have the digital green certificate ready for the summer season.

The framework requires swift examination and adoption by the European Parliament and the Council if Europe and its tourism sector are to avoid a second lost summer.

Categories
World News

Snap, Unity warn of impression from Apple iOS 14 IDFA privateness adjustments

Snap, Unity warn of impact from Apple iOS 14 IDFA privacy changes

Tim Cook, Apple’s CEO, gives a keynote speech during the European Union’s data protection conference in the EU Parliament on October 24, 2018 in Brussels, Belgium.

Yves Herman | Reuters

Snap and Unity Software, which reported fourth quarter earnings after Thursday’s bell, both warned of the impending impact of Apple’s privacy changes this spring.

To target cellphone ads and measure how effective they are, app developers and other industry players are now often using the Apple Advertiser ID (IDFA), a unique sequence of letters and numbers on each Apple device. However, once a data protection update is released, app makers must ask permission to access a user’s IDFA via a command prompt. A significant proportion of users are expected to say no, which is likely to make targeted advertising less effective.

The changes have become a major controversy for ad-supported companies like Facebook, which are expected to lose revenue from the change. But Facebook is far from being alone.

Unity Software said in its earnings report that the changes to IDFA will affect the way mobile game developers acquire new customers and “how they optimize customer experience for life.”

“While difficult to predict, our predictions are that IDFA changes begin in the spring and will reduce our sales by approximately $ 30 million, or 3% of sales, in 2021,” the company wrote.

In prepared comments on its fourth quarter earnings report, Snap’s chief financial officer Derek Andersen said the Apple changes pose a risk of disrupting demand for their implementation.

“It is not yet clear what the longer-term impact these changes could have on the dynamics of our business, and it may not be clear for a few months or more after the changes are implemented,” he said.

Apple is currently testing the data protection update in a beta version of iOS 14, which is expected to be available to all users in “spring”.

Jeremi Gorman, Snap’s chief business officer, said Snap worked with Apple to prepare for the changes, trained its advertisers, and made long-term investments to use more first-party data for advertising. In addition, the company plans to give advertisers more opportunities to make their products and services available to Snap users directly through Snapchat.

“The reality is that we admire Apple and we believe that they are trying to do what is right for their customers,” she said. “Your focus on privacy is based on our values ​​and the way we built our business from the start.”

She added, “Overall, we feel very well prepared for these changes, but changes to this ecosystem are usually disruptive and the outcome is uncertain.”

Stocks of both companies fell after close on Thursday, with Snap down more than 10% and Unity down more than 15%.

CNBC’s Salvador Rodriguez contributed to the coverage.

Nominations are open to the 2021 CNBC Disruptor 50, a list of private startups that are leveraging breakthrough technology to become the next generation of large public companies. Submit by Friday, February 12th at 3 p.m. EST.

Categories
Business

Grindr is fined $11.7 million below European privateness regulation.

Grindr is fined $11.7 million under European privacy law.

The Norwegian Data Protection Agency announced on Monday that it would punish Grindr, the world’s most popular gay dating app, 100 million Norwegian kroner, or about $ 11.7 million, for illegally disclosing private information about its users to advertising companies.

The agency announced that the app had transmitted the exact locations, user tracking codes and the name of the app to at least five advertising companies, with people in violation of European data protection law being essentially marked as LGBTQ without their express consent. Grindr shared users’ private data with MoPub, Twitter’s mobile advertising platform, among others, which, according to the agency, can exchange data with more than 100 partners.

Tobias Judin, head of the international division of the Norwegian Data Protection Agency, said that Grindr’s data mining practices have not only violated European data protection rights, but also seriously endangered users in countries like Qatar and Pakistan where consensual same-sex sexual acts take place could be illegal.

Recognition…Ilya Hendel

“If someone finds out that they are gay and knows their movements, they can be injured,” said Judin. “We’re trying to make these apps and services understand that this approach – not informing users, not getting valid consent to share their data – is completely unacceptable.”

The fine comes a year after European nonprofit groups filed complaints against Grindr and its advertising partners with data protection authorities. In testing last January, the New York Times found that the Android version of the Grindr app was exchanging location information that was so precise that it pinpointed reporters on the side of the building they were sitting on. In April, Grindr revised its user consent process.

In a statement, a spokesperson for Grindr said the company has received “valid legal approvals from all” of its users in Europe on multiple occasions and is confident that its “approach to protecting user privacy in social apps is top-notch”.

The statement added: “We are continuously improving our data protection practices with a view to evolving data protection laws and regulations and look forward to a productive dialogue with the Norwegian Data Protection Authority.”

The company has until February 15 to comment on the ruling before it is final. The Norwegian agency said it was investigating whether the advertising companies that received user data from Grindr also violated European data protection law. “

Privacy experts said the ruling would have far-reaching implications beyond dating apps.

“Not only does this set limits for Grindr,” said Finn Myrstad, director of digital policy at the Norwegian Consumers’ Council, one of the groups that made the complaints, “but it sets strict legal requirements for an entire industry that benefits from collecting and sharing . ” Information about our preferences, location, purchases, physical and mental health, sexual orientation, and political views. “

Categories
Business

defend your privateness in case you win Mega Tens of millions or Powerball

How to protect your privacy if you win Mega Millions or Powerball

MARK RALSTON | AFP | Getty Images

There is a chance that at least a few people in 2020 will be far richer than most of us.

With no ticket matching all six numbers drawn in Mega Millions on Tuesday, the jackpot for the Friday night drawing rose to $ 401 million. Powerball’s grand prize is not far behind at $ 363 million for the Wednesday night draw.

If you’re lucky enough to be the next big winner, experts say that part of protecting your windfall is protecting your identity when you can.

“Four hundred million dollars would attract a lot [attention]”said Attorney Kurt Panouses, founder of the Panouses Law Group in Indialantic, Florida and an expert in helping lottery winners.

Keeping your win calm will protect you from strangers and scammers who want a part of the prize.

However, states don’t always make data protection easy: only a handful allow winners to remain completely anonymous. In other cases, you may be able to claim the award through a trust or limited liability company or LLC that does not have your name on it. However, you need to plan for this.

Here are tips for big lottery winners trying to protect their privacy.

Handling your ticket

The standard advice is to sign the back of your ticket. However, if you find yourself in a state where a trust or LLC can claim the prize, hold back with this signature if privacy is important to you.

“Of course you want to protect the ticket, but whatever name is on the back of the ticket is identified as the payee,” said Panouses. “The back of the ticket is important for data protection reasons.”

In most states, he said, if you use an LLC or trust to claim the money, you can bypass disclosing your name.

More from Personal Finance:
Avoid these mistakes when splitting assets in a divorce
These are three of my worst money mistakes
Covid makes it harder to get into a top college

Panousas said he has also created trusts whose beneficiaries are sub-trusts instead of the winners. This adds an extra layer of data protection.

stay calm

While you might want to share your exciting news, experts say the fewer people know, the better.

“Keep the circle of people who don’t know or tell anyone about it,” said Panouses.

For example, if you are claiming the profit in conjunction with other family members, i.e. through a trust or LLC as a joint prize, then all parties involved should sign non-disclosure agreements, Panouses said.

Money management

In addition to choosing experienced professionals to help you tackle the windfall, it may also be wise to avoid the professionals in your hometown if you are concerned about the news that your profits will be lost.

“Someone in this office might say, ‘Oh, this is the lottery winner,'” Panouses said. He relies on a large investment and trust company that has a proven record of serving wealthy households.

“If I open accounts with them, I know the information won’t be made public,” said Panouses.

Plan an escape

Skipping town a bit after claiming your prize is probably a good idea.

“We make sure the winners have a plan to go somewhere for a week or so after they claim,” Panouses said. “When people find out you won, they may show up at your home.”

It’s also worth changing the cell phone number, he said. If you have a landline, this should also be changed.

You may also want to close your social media accounts if you cannot remain anonymous.