Resources

Scope creep: Woman Whose Rape Kit DNA Led To Her Arrest

A rape victim whose DNA from her sexual assault case was used by San Francisco police to arrest her in an unrelated property crime on Monday filed a lawsuit against the city. During a search of a San Francisco Police Department crime lab database, the woman’s DNA was tied to a burglary in late 2021. Her DNA had been collected and stored in the system as part of a 2016 domestic violence and sexual assault case, then-District Attorney Chesa Boudin said in February in a shocking revelation that raised privacy concerns. “This is government overreach of the highest order, using the most unique and personal thing we have — our genetic code — without our knowledge to try and connect us to crime,” the woman’s attorney, Adante Pointer, said in a statement.

The revelation prompted a national outcry from advocates, law enforcement, legal experts and lawmakers. Advocates said the practice could affect victims’ willingness to come forward to law enforcement authorities. Federal law already prohibits the inclusion of victims’ DNA in the national Combined DNA Index System. There is no corresponding law in California to prohibit local law enforcement databases from retaining victims’ profiles and searching them years later for entirely different purposes.

Boudin said the report was found among hundreds of pages of evidence against a woman who had been recently charged with a felony property crime. After learning the source of the DNA evidence, Boudin dropped the felony property crime charges against the woman. The police department’s crime lab stopped the practice shortly after receiving a complaint from the district attorney’s office and formally changed its operating procedure to prevent the misuse of DNA collected from sexual assault victims, Police Chief Bill Scott said. Scott said at a police commission meeting in March that he had discovered 17 crime victim profiles, 11 of them from rape kits, that were matched as potential suspects using a crime victims database during unrelated investigations. Scott said he believes the only person arrested was the woman who filed the lawsuit Monday.

149

Scope creep with Australia metadata retention

Telecommunications industry group Communications Alliance has revealed details of dozens of state and federal departments and agencies it claims are accessing so-called communications ‘metadata’.

The 2015 legislation that introduced the data retention regime authorised a list of “criminal law-enforcement agencies” to obtain warrant-free access to metadata. Those agencies included federal, state and territory police agencies, a number of anti-corruption bodies, Border Force, the Australian Securities and Investments Commission; and the Australian Competition and Consumer Commission.

However, last month at the hearing of an inquiry into the government’s bill aimed at enhancing police access to encrypted communications services, Communications Alliance CEO John Stanton said that a significantly larger number of organisations were accessing information kept by telcos to meet their data retention obligations.

In addition to police agencies and other organisations listed in the data retention legislation, it includes Centrelink, the Australian Taxation Office, Australia Post’s Corporate Security Group, Workplace Health and Safety, Work Safe Victoria, the Taxi Services Commission and a number of local councils.

615

Now Apps Can Track You Even After You Uninstall Them

If it seems as though the app you deleted last week is suddenly popping up everywhere, it may not be mere coincidence. Companies that cater to app makers have found ways to game both iOS and Android, enabling them to figure out which users have uninstalled a given piece of software lately—and making it easy to pelt the departed with ads aimed at winning them back.

Adjust, AppsFlyer, MoEngage, Localytics, and CleverTap are among the companies that offer uninstall trackers, usually as part of a broader set of developer tools. Their customers include T-Mobile US, Spotify Technology, and Yelp. (And Bloomberg Businessweek parent Bloomberg LP, which uses Localytics.) Critics say they’re a fresh reason to reassess online privacy rights and limit what companies can do with user data.

Uninstall tracking exploits a core element of Apple Inc.’s and Google’s mobile operating systems: push notifications. Developers have always been able to use so-called silent push notifications to ping installed apps at regular intervals without alerting the user—to refresh an inbox or social media feed while the app is running in the background, for example. But if the app doesn’t ping the developer back, the app is logged as uninstalled, and the uninstall tracking tools add those changes to the file associated with the given mobile device’s unique advertising ID, details that make it easy to identify just who’s holding the phone and advertise the app to them wherever they go.

At its best, uninstall tracking can be used to fix bugs or otherwise refine apps without having to bother users with surveys or more intrusive tools. But the ability to abuse the system beyond its original intent exemplifies the bind that accompanies the modern internet, says Gillula. To participate, users must typically agree to share their data freely, probably forever, not knowing exactly how it may be used down the road. “As an app developer, I would expect to be able to know how many people have uninstalled an app,” he says. “I would not say that, as an app developer, you have a right to know exactly who installed and uninstalled your app.”

639