Resources

Amazon Delivery Drivers Forced to Sign ‘Biometric Consent’ Form or Lose Job

Amazon delivery drivers nationwide have to sign a “biometric consent” form this week that grants the tech behemoth permission to use AI-powered cameras to access drivers’ location, movement, and biometric data. If the company’s delivery drivers, who number around 75,000 in the United States, refuse to sign these forms, they lose their jobs. The form requires drivers to agree to facial recognition and other biometric data collection within the trucks they drive.

“Amazon may… use certain Technology that processes Biometric Information, including on-board safety camera technology which collects your photograph for the purposes of confirming your identity and connecting you to your driver account,” the form reads. “Using your photograph, this Technology, may create Biometric Information, and collect, store, and use Biometric Information from such photographs.”

It adds that “this Technology tracks vehicle location and movement, including miles driven, speed, acceleration, braking, turns, and following distance …as a condition of delivery packages for Amazon, you consent to the use of Technology.”

New Site Extracts and Posts Every Face from Parler’s Capitol Hill Insurrection Videos

“Late last week, a website called Faces of the Riot appeared online, showing nothing but a vast grid of more than 6,000 images of faces, each one tagged only with a string of characters associated with the Parler video in which it appeared,” reports WIRED, saying the site raises clear privacy concerns:
The site’s creator tells WIRED that he used simple, open source machine-learning and facial recognition software to detect, extract, and deduplicate every face from the 827 videos that were posted to Parler from inside and outside the Capitol building on January 6, the day when radicalized Trump supporters stormed the building in a riot that resulted in five people’s deaths. The creator of Faces of the Riot says his goal is to allow anyone to easily sort through the faces pulled from those videos to identify someone they may know, or recognize who took part in the mob, or even to reference the collected faces against FBI wanted posters and send a tip to law enforcement if they spot someone… “It’s entirely possible that a lot of people who were on this website now will face real-life consequences for their actions….”

A recent upgrade to the site adds hyperlinks from faces to the video source, so that visitors can click on any face and see what the person was filmed doing on Parler. The Faces of the Riot creator, who says he’s a college student in the “greater DC area,” intends that added feature to help contextualize every face’s inclusion on the site and differentiate between bystanders, peaceful protesters, and violent insurrectionists. He concedes that he and a co-creator are still working to scrub “non-rioter” faces, including those of police and press who were present. A message at the top of the site also warns against vigilante investigations, instead suggesting users report those they recognize to the FBI, with a link to an FBI tip page….

McDonald has previously both criticized the power of facial recognition technology and himself implemented facial recognition projects like ICEspy, a tool he launched in 2018 for identifying agents of the Immigration and Customs Enforcement agency… He sees Faces of the Riot as “playing it really safe” compared even to his own facial recognition experiments, given that it doesn’t seek to link faces with named identities. “And I think it’s a good call because I don’t think that we need to legitimize this technology any more than it already is and has been falsely legitimized,” McDonald says.

But McDonald also points out that Faces of the Riot demonstrates just how accessible facial recognition technologies have become. “It shows how this tool that has been restricted only to people who have the most education, the most power, the most privilege is now in this more democratized state,” McDonald says.

Twitter Bots Are a Major Source of Climate Disinformation

Twitter accounts run by machines are a major source of climate change disinformation that might drain support from policies to address rising temperatures. In the weeks surrounding former President Trump’s announcement about withdrawing from the Paris Agreement, accounts suspected of being bots accounted for roughly a quarter of all tweets about climate change, according to new research. “If we are to effectively address the existential crisis of climate change, bot presence in the online discourse is a reality that scientists, social movements and those concerned about democracy have to better grapple with,” wrote Thomas Marlow, a postdoctoral researcher at the New York University, Abu Dhabi, campus, and his co-authors. Their paper published last week in the journal Climate Policy is part of an expanding body of research about the role of bots in online climate discourse.

The new focus on automated accounts is driven partly by the way they can distort the climate conversation online. Marlow’s team measured the influence of bots on Twitter’s climate conversation by analyzing 6.8 million tweets sent by 1.6 million users between May and June 2017. Trump made his decision to ditch the climate accord on June 1 of that year. President Biden reversed the decision this week. From that dataset, the team ran a random sample of 184,767 users through the Botometer, a tool created by Indiana University’s Observatory on Social Media, which analyzes accounts and determines the likelihood that they are run by machines.

Researchers also categorized the 885,164 tweets those users had sent about climate change during the two-month study period. The most popular categories were tweets about climate research and news. Marlow and the other researchers determined that nearly 9.5% of the users in their sample were likely bots. But those bots accounted for 25% of the total tweets about climate change on most days. […] The researchers weren’t able to determine who deployed the bots. But they suspect the seemingly fake accounts could have been created by “fossil-fuel companies, petro-states or their surrogates,” all of which have a vested interest in preventing or delaying action on climate change.

Intelligence Analysts Use US Smartphone Location Data Without Warrants, Memo Says

A military arm of the intelligence community buys commercially available databases containing location data from smartphone apps and searches it for Americans’ past movements without a warrant, according to an unclassified memo obtained by The New York Times. Defense Intelligence Agency analysts have searched for the movements of Americans within a commercial database in five investigations over the past two and a half years, agency officials disclosed in a memo they wrote for Senator Ron Wyden, Democrat of Oregon.

The disclosure sheds light on an emerging loophole in privacy law during the digital age: In a landmark 2018 ruling known as the Carpenter decision, the Supreme Court held that the Constitution requires the government to obtain a warrant to compel phone companies to turn over location data about their customers. But the government can instead buy similar data from a broker — and does not believe it needs a warrant to do so. “D.I.A. does not construe the Carpenter decision to require a judicial warrant endorsing purchase or use of commercially available data for intelligence purposes,” the agency memo said.

Mr. Wyden has made clear that he intends to propose legislation to add safeguards for Americans’ privacy in connection with commercially available location data. In a Senate speech this week, he denounced circumstances “in which the government, instead of getting an order, just goes out and purchases the private records of Americans from these sleazy and unregulated commercial data brokers who are simply above the law.” He called the practice unacceptable and an intrusion on constitutional privacy rights. “The Fourth Amendment is not for sale,” he said.

How Law Enforcement Gets Around Your Smartphone’s Encryption

Lawmakers and law enforcement agencies around the world, including in the United States, have increasingly called for backdoors in the encryption schemes that protect your data, arguing that national security is at stake. But new research indicates governments already have methods and tools that, for better or worse, let them access locked smartphones thanks to weaknesses in the security schemes of Android and iOS.

Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption. They also studied more than a decade’s worth of reports about which of these mobile security features law enforcement and criminals have previously bypassed, or can currently, using special hacking tools…

once you unlock your device the first time after reboot, lots of encryption keys start getting stored in quick access memory, even while the phone is locked. At this point an attacker could find and exploit certain types of security vulnerabilities in iOS to grab encryption keys that are accessible in memory and decrypt big chunks of data from the phone. Based on available reports about smartphone access tools, like those from the Israeli law enforcement contractor Cellebrite and US-based forensic access firm Grayshift, the researchers realized that this is how almost all smartphone access tools likely work right now. It’s true that you need a specific type of operating system vulnerability to grab the keys — and both Apple and Google patch as many of those flaws as possible — but if you can find it, the keys are available, too…

Forensic tools exploiting the right vulnerability can grab even more decryption keys, and ultimately access even more data, on an Android phone.

NSO Used Real People’s Location Data To Pitch Its Contact-Tracing Tech

NSO, a private intelligence company best known for developing and selling governments access to its Pegasus spyware, pitched its contact-tracing system earlier this year, dubbed Fleming, aimed at helping governments track the spread of COVID-19. Fleming is designed to allow governments to feed location data from cell phone companies to visualize and track the spread of the virus. NSO gave several news outlets each a demo of Fleming, which NSO says helps governments make public health decisions “without compromising individual privacy.” But in May, a security researcher told TechCrunch that he found an exposed database storing thousands of location data points used by NSO to demonstrate how Fleming works — the same demo seen by reporters weeks earlier. TechCrunch reported the apparent security lapse to NSO, which quickly secured the database, but said that the location data was “not based on real and genuine data.” NSO’s claim that the location data wasn’t real differed from reports in Israeli media, which said NSO had used phone location data obtained from advertising platforms, known as data brokers, to “train” the system. Academic and privacy expert Tehilla Shwartz Altshuler, who was also given a demo of Fleming, said NSO told her that the data was obtained from data brokers, which sell access to vast troves of aggregate location data collected from the apps installed on millions of phones.

NSO is currently embroiled in a lawsuit with Facebook-owned WhatsApp, which last year blamed NSO for exploiting an undisclosed vulnerability in WhatsApp to infect some 1,400 phones with Pegasus, including journalists and human rights defenders. NSO says it should be afforded legal immunity because it acts on behalf of governments.

Dozens of Journalists’ iPhones Hacked With NSO ‘Zero-Click’ Spyware, Says Citizen Lab

For more than the past year, London-based reporter Rania Dridi and at least 36 journalists, producers and executives working for the Al Jazeera news agency were targeted with a so-called “zero-click” attack that exploited a now-fixed vulnerability in Apple’s iMessage. The attack invisibly compromised the devices without having to trick the victims into opening a malicious link. Citizen Lab, the internet watchdog at the University of Toronto, was asked to investigate earlier this year after one of the victims, Al Jazeera investigative journalist Tamer Almisshal, suspected that his phone may have been hacked. In a technical report out Sunday and shared with TechCrunch, the researchers say they believe the journalists’ iPhones were infected with the Pegasus spyware, developed by Israel-based NSO Group. The researchers analyzed Almisshal’s iPhone and found it had between July and August connected to servers known to be used by NSO for delivering the Pegasus spyware. The device revealed a burst of network activity that suggests that the spyware may have been delivered silently over iMessage. Logs from the phone show that the spyware was likely able to secretly record the microphone and phone calls, take photos using the phone’s camera, access the victim’s passwords, and track the phone’s location.

Surveillance Compounded: Real-Time Crime Centers in the United States

Over the last two decades, law enforcement agencies across the United States have been obtaining more and more sophisticated surveillance technologies to collect data. Technologies such as networked cameras, automated license plate readers, and gunshot detection are deployed around the clock, as are the tools to process this data, such as predictive policing software and AI-enhanced video analytics. The last five years have seen a distinct trend in which police have begun deploying all of this technology in conjunction with one another. The technologies, working in concert, are being consolidated and fed into physical locations called Real-Time Crime Centers (RTCCs). These high-tech hubs, filled with walls of TV monitors and computer workstations for sworn officers and civilian analysts, not only exploit huge amounts of data, but also are used to justify an increase in surveillance technology through new “data-driven” or “intelligence-led” policing strategies.

As part of the Atlas of Surveillance project, the Electronic Frontier Foundation and students from the Reynolds School of Journalism at the University of Nevada, Reno have identified more than 80 RTCCs across the United States, with heavy concentrations in the South and the Northeast. In this report, we highlight the capabilities and controversies surrounding 7 of these facilities. As this trend expands, it is crucial that the public understands how the technologies are combined to collect data about people as they move through their day-to-day lives.

What Modern Video Surveillance Looks Like

A few years ago, when you saw a security camera, you may have thought that the video feed went to a VCR somewhere in a back office that could only be accessed when a crime occurs. Or maybe you imagined a sleepy guard who only paid half-attention, and only when they discovered a crime in progress. In the age of internet-connectivity, now it’s easy to imagine footage sitting on a server somewhere, with any image inaccessible except to someone willing to fast forward through hundreds of hours of footage.

That may be how it worked in 1990s heist movies, and it may be how a homeowner still sorts through their own home security camera footage. But that’s not how cameras operate in today’s security environment. Instead, advanced algorithms are watching every frame on every camera and documenting every person, animal, vehicle, and backpack as they move through physical space, and thus camera to camera, over an extended period of time.

France Bans Use of Drones To Police Protests In Paris

The Council of State said Paris police prefect Didier Lallement should halt “without delay” drone surveillance of gatherings on public roads. The ruling comes weeks after MPs backed a controversial security bill that includes police use of drones. Its main aim is to regulate how people share film or photos of police.

Privacy rights group La Quadrature du Net (LQDN) has argued that the bill’s main measures violate freedom of expression and that drones equipped with cameras cannot keep the peace but track individuals instead. The Council of State ruled there was “serious doubt over the legality” of drones without a prior text authorizing and setting out their use. LQDN said the only way the government could legalize drone surveillance now was in providing “impossible proof” that it was absolutely necessary to maintain law and order. The decision is the second setback in months for Parisian authorities’ drone plans. In May, the same court ruled that drones could not be used in the capital to track people in breach of France’s strict lockdown rules.

TikTok: Rampant product placement

In the world of TikTok, brands have the opportunity to get products out into the real world – or make stories of them already being out there. The platform turns placement into consumption as consumers participate – or play – with the products. Product placement on the platform could come from just giving products out to creators, or partnering with them, as is done on other platforms. However, it could also come from amplifying organic content or trends that are already happening with a brand’s products … Viewers are the stars. When it comes to distinguishing between viewers and audiences on TikTok, just as with content and ads, the lines are blurred. In fact, many TikTok users are also creators. For these creators, the feed is their stage and this where the opportunity for sponsorship and placement lies for brands.

Hundreds Riot, Thousands Protest at iPhone Factory in India

The international news agency AFP reports on “a violent rampage at a Taiwanese-run iPhone factory in southern India” leading to over 100 arrests. About 2,000 workers were involved in the protest, reports the Verge, citing the Indian Express newspaper.

The workers are protesting over allegations of unpaid wages and exploitation, according to AFP. “Local media reported workers saying they had not been paid for up to four months and were being forced to do extra shifts…”
Workers at the Taiwanese-run Wistron Infocomm Manufacturing near Bangalore smashed glass panels with rods and flipped cars on their side… CCTV cameras, fans and lights were torn down, while a car was set on fire, footage shared on social media showed…

A local trade union leader alleged that there was “brutal exploitation” of factory workers in sweatshop conditions at the iPhone manufacturing plant. “The state government has allowed the company to flout the basic rights,” Satyanand, who uses one name, told The Hindu newspaper… Labour unrest is not uncommon in India, with workers paid poorly and given few or no social security benefits.

High-Frequency Traders Push Closer To Light Speed With Cutting-Edge Cables

High-frequency traders are using an experimental type of cable to speed up their systems by billionths of a second, the latest move in a technological arms race to execute stock trades as quickly as possible. From a report:
The cable, called hollow-core fiber, is a next-generation version of the fiber-optic cable used to deliver broadband internet to homes and businesses. Made of glass, such cables carry data encoded as beams of light. But instead of being solid, hollow-core fiber is empty inside, with dozens of parallel, air-filled channels narrower than a human hair. Because light travels nearly 50% faster through air than glass, it takes about one-third less time to send data through hollow-core fiber than through the same length of standard fiber. The difference is often just a minuscule fraction of a second. But in high-frequency trading, that can make the difference between profits and losses. HFT firms use sophisticated algorithms and ultrafast data networks to execute rapid-fire trades in stocks, options and futures. Many are secretive about their trading strategies and technology.

Hollow-core fiber is the latest in a series of advances that fast traders have used to try to outrace their competition. A decade ago, a company called Spread Networks spent about $300 million to lay fiber-optic cable in a straight line from Chicago to New York, so traders could send data back and forth along the route in just 13 milliseconds, or thousandths of a second. Within a few years the link was superseded by microwave networks that reduced transmission times along the route to less than nine milliseconds. HFT firms have also used lasers to zip data between the data centers of the New York Stock Exchange and Nasdaq, and they have embedded their algorithms in superfast computer chips. Now, faced with the limits of physics and technology, traders are left fighting over nanoseconds. “The time increments of these improvements have gotten markedly smaller,” said Michael Persico, chief executive of Anova Financial Networks, a technology provider that runs communications networks used by HFT firms. High-frequency trading is controversial, with critics saying that some ultrafast strategies amount to an invisible tax on investors. Industry representatives say such criticism is unfounded.

Australia Sues Facebook Over Its Use of Onavo To Snoop

Australia’s Competition and Consumer Commission (ACCC) is suing Facebook over its use, in 2016 and 2017, of the Onavo VPN app to spy on users for commercial purposes. From a report:
The ACCC’s case accuses Facebook of false, misleading or deceptive conduct toward thousands of Australian consumers, after it had promoted the Onavo Protect app — saying it would keep users personal activity data private, protected and secret and not use it for any other purpose, when it was being used to gather data to help Facebook’s business. “Through Onavo Protect, Facebook was collecting and using the very detailed and valuable personal activity data of thousands of Australian consumers for its own commercial purposes, which we believe is completely contrary to the promise of protection, secrecy and privacy that was central to Facebook’s promotion of this app,” said ACCC chair Rod Sims in a statement. “Consumers often use VPN services because they care about their online privacy, and that is what this Facebook product claimed to offer. In fact, Onavo Protect channelled significant volumes of their personal activity data straight back to Facebook.”

Facebook Said It’s Developing A Tool To Read Your Brain

Facebook told employees this week that it’s developing a tool to summarize news articles so users won’t have to read them. It also laid out early plans for a neural sensor to detect people’s thoughts and translate them into action. From a report:
[…] He [Facebook Chief Technology Officer Mike Schroepfer] also detailed a neural sensor to read commandments from people’s brains. Having acquired neural interface startup CTRL-labs in 2019, Facebook demonstrated its progress in the field with a sensor that takes “neural signals coming from my brain, down my spinal cord along my arm, to my wrist” and allows a user to make a physical action. Schroepfer noted that it could be used for typing, holding a virtual object, or controlling a character in a video game. “We all get the privilege of seeing the future because we are making it,” he said. Still, Facebook’s chief technology officer seemed to anticipate any criticisms of the products — or past failures — by touting safety measures. “We have to build responsibly to earn trust and the right to continue to grow,” he said. “It’s imperative that we get this right so that people around the world get all these amazing technologies … without experiencing the downsides.”

How the Nature Conservancy, the World’s Biggest Environmental Group, Became a Dealer of Meaningless Carbon Offsets

At first glance, big corporations appear to be protecting great swaths of U.S. forests in the fight against climate change. JPMorgan Chase & Co. has paid almost $1 million to preserve forestland in eastern Pennsylvania. Forty miles away, Walt Disney has spent hundreds of thousands to keep the city of Bethlehem, Pa., from aggressively harvesting a forest that surrounds its reservoirs. Across the state line in New York, investment giant BlackRock has paid thousands to the city of Albany to refrain from cutting trees around its reservoirs. JPMorgan, Disney, and BlackRock tout these projects as an important mechanism for slashing their own large carbon footprints.

By funding the preservation of carbon-absorbing forests, the companies say, they’re offsetting the carbon-producing impact of their global operations. But in all of those cases, the land was never threatened; the trees were already part of well-preserved forests. Rather than dramatically change their operations — JPMorgan executives continue to jet around the globe, Disney’s cruise ships still burn oil, and BlackRock’s office buildings gobble up electricity — the corporations are working with the Nature Conservancy, the world’s largest environmental group, to employ far-fetched logic to help absolve them of their climate sins. By taking credit for saving well-protected land, these companies are reducing nowhere near the pollution that they claim. […]

China Turns On Nuclear-Powered ‘Artificial Sun’

China successfully powered up its “artificial sun” nuclear fusion reactor for the first time, state media reported Friday, marking a great advance in the country’s nuclear power research capabilities. Phys.Org reports:
The HL-2M Tokamak reactor is China’s largest and most advanced nuclear fusion experimental research device, and scientists hope that the device can potentially unlock a powerful clean energy source. It uses a powerful magnetic field to fuse hot plasma and can reach temperatures of over 150 million degrees Celsius, according to the People’s Daily — approximately ten times hotter than the core of the sun. Located in southwestern Sichuan province and completed late last year, the reactor is often called an “artificial sun” on account of the enormous heat and power it produces. They plan to use the device in collaboration with scientists working on the International Thermonuclear Experimental Reactor — the world’s largest nuclear fusion research project based in France, which is expected to be completed in 2025.

Australia’s Great Barrier Reef Status Lowered To ‘Critical’ and Deteriorating

The health status of Australia’s Great Barrier Reef has officially declined from “significant concern” to “critical” for the first time, the International Union for Conservation of Nature (IUCN) announced this week. CBS News reports:
It said climate change is now the biggest threat to natural World Heritage sites, including the world’s largest and most spectacular coral reef. According to the new report, one-third of the 252 natural World Heritage sites are now threatened by climate change. Previously, invasive species were listed as the top threat.

The Great Barrier Reef must contend with ocean warming, acidification and extreme weather to stay alive amid record heat waves. It has lost half of its coral to climate change since 1995, with its status now listed as “critical” — the most urgent designated status in the classification system of the UNESCO advisory board. Sites listed as critical are “severely treated and require urgent, additional and large-scale conservation measures,” the report said. Additionally, the report warns that plans to protect the reef long-term have been slow to implement, failing to stop or reverse the reef’s deterioration.
The report adds that four other Australian world heritage sites have also deteriorated and received lowered statuses — the Blue Mountains, the Gondwana rainforests, the Ningaloo Coast and Shark Bay. “Overall, more sites have deteriorated than improved since 2017,” reports CBS News.

US Air Pollution Monitoring Network Falling Into Disrepair

The U.S. air pollution monitoring network has fallen into disrepair after years of budget cuts and neglect, leaving tens of millions of Americans vulnerable to undetected bad air quality from events like wildfires to industrial pollution, according to a report by the investigative arm of Congress. Reuters:
The conclusions from a 2-1/2-year audit by the U.S. Government Accountability Office (GAO) confirm key findings in a Reuters special report published last week that detailed broad failures in the air-pollution monitoring system, whose data guides U.S. regulatory policy and informs the public about health risks. Federal funding for the air monitoring network, which is overseen by the Environmental Protection Agency (EPA) and operated and maintained by state and local environmental agencies, has declined by about 20% since 2004, after adjusting for inflation, leaving it in poor condition, according to the GAO report viewed by Reuters. The GAO report said some agencies have reported termite damage and leaky roofs at shelters housing sensitive but aging pollution monitoring equipment, and one state agency resorted to shopping on eBay to find used monitor parts because the manufacturer had stopped making them.

China Expanding Weather-Control Program To Make Artificial Rain, Snow

China is massively expanding its weather-control project, and is aiming to be able to cover half the country in artificial rain and snow by 2025, the government said Tuesday. Business Insider reports:
The practice of “cloud seeding” was discovered in the US in 1946 by a chemist working for General Electric. China launched its own similar program in the 1960s. Dozens of other countries — including the US — also have such programs, but Beijing has the world’s largest, employing around 35,000 people, The Guardian reported.

In a statement, China’s State Council said that the country’s cloud seeing project will expand fivefold to cover an area of 2.1 million square miles and be completed by 2025. (China encompasses 3.7 million square miles, meaning the project could cover 56% of the country’s surface area.) The project will be at a “worldwide advanced level” by 2035, the State Council said, and will help alleviate “disasters such as drought and hail” and facilitate emergency responses “to forest or grassland fires.”