Data Digest № 008
Welcome to the eighth edition of the Datawallet Data Digest. From lawsuits and mass data breaches, to requests for access from social scientists and the US government, this week in the world of data saw it all. Let’s get to it.
How Telco Data Ends Up With Bounty Hunters
On Thursday class action lawsuits were filed against four of the leading telecommunication companies in the US for their role in various location data scandals. Motherboard’s investigation back in January 2019 exposed T-Mobile, Sprint, and AT&T for selling data that their customers generate to a variety of private organizations which resell this data with little to no degree of scrutiny. Motherboard followed the trail and found it ultimately ending in dark corners of the web, where it is bought by credit companies, private investigators, and bounty hunters. Just to name a few.
Posing as a potential customer, Motherboard explicitly asked a customer support staffer of one of these resellers, Microbilt, whether the company offered phone geolocation for bail bondsmen. Shortly thereafter, another staffer emailed with a price list. Locating a phone costs as little as $4.95 each, and getting real-time updates on a phone’s location is a mere $12.95.
The investigation plays into the hands of policy makers who are paying more attention than ever to the ways that location and other sensitive data is collected and sold. In response to the charges, the FCC demanded answers from several carriers. Commissioner Jessica Rosenworcel stated in a letter to AT&T CEO John Donovan that “it is evident from press reports that this data may have been sold without the explicit consent of consumers and without appropriate safeguards in place.“ Considering T-Mobile CEO John Legere promised last year that his company , it’s hardly surprising that the FCC are unconvinced.
Verizon, T-Mobile, Sprint, and AT&T Hit With Class Action Lawsuit Over Selling Customers’ Location Data
DPC Open Formal Probes Against Adtech
Quantcast, a leading adtech player, is selling “market intelligence” tools that mine the personal data of millions of Internet users. With their technology buried deep into the inner workings of the web, it’s often very difficult for consumers to comprehend the scale to which these invisible strangers are stalking them. That’s why leading initiatives such as ‘Privacy International’ are so vital to the cause. We need to expose these companies for who they are, shady companies that are profiting from other people’s most private information on the internet and offline. Adding to the 17 investigations it already had up and running into Facebook, WhatsApp, Instagram, Apple, Twitter and LinkedIn, the Irish Data Protection Commission (DPC), which is the leading data protection regulator for most multinational tech giants in Europe, has finally opened a formal probe into Quantcast’s business.
Privacy International on Twitter
Privacy International commented on the probe: “We are extremely pleased that as a result of our submission the Irish DPC are commencing an inquiry into Quantcast. Quantcast is a company that most of us have never heard of but that amasses data and builds intricate profiles of our lives. PI’s submission sets out why we consider Quantcast’s practices are failing to meet the standards set by GDPR, especially its profiling. The real test of GDPR will be its enforcement.”
If they’re found to have breached the regulation they can face financial penalties of up to as high as 4% of their annual global turnover. Here’s to hoping!
Adtech veteran Quantcast is latest tech giant to face GDPR privacy probe – TechCrunch
Google Auto-Deletion is the Google Glass for Data
On Tuesday Google jumped on the PR privacy bandwagon and announced that they will soon introduce controls that allow you to “auto-delete” your location data, app activity, and web history after 3 or 18 months. What may seem like a move towards embracing the right to privacy of its customers, will likely turn out to be nothing more than a PR stunt. That becomes clear when analyzing which data sets are not part of the auto-deletion program, i.e. your voice and audio activity as well as your Youtube watch and search history. Google’s reluctance to incorporate these specific data sets in their new privacy gimmick inadvertently reveals which data sets are most precious to them. Seems like we’re in for quite a bit of “innovation” in the spaces of voice and video. Nice!
Google now lets you auto-delete your app activity, location and web history after 3 or 18 months – TechCrunch
Facebook’s Questionable Quest to Fight Fake News
Social scientists, and the wider general public, have been grappling with the influence of fake news in general elections for the best part of the twenty-first century. The epidemic, which has largely taken hold on Facebook, and has been the focal points of interference in crucial elections in parliaments worldwide, is now a prime focus for researchers. Facebook is now allowing access to data sets within secure environments in order to get to the root cause of how the sheer scale of the spread in misinformation was able to evolve.
While this is an unprecedented step for future research, we must remain circumspect. MIT researchers conducted studies on Twitter and found that fake news was 70% more likely to be retweeted than real news. Here’s some simple math: higher engagement = more activity on a site’s network = more bandwidth for advertisers to reach their target customers = higher profits for the site = conflict of interest. If the research actually finds actual reasons for the spread of misinformation, it will harm Facebook’s business.
Facebook gives social scientists unprecedented access to its user data
House Democrats Press Big Tech For Counterterrorist Funds
Following on the subject of political manipulation via social media platforms, the house democrats have demanded that big tech submit their budgets to curb propaganda on their platforms. Thompson and Rep. Max Rose (D-NY) higlighted that “Domestic terrorism is on the rise both here and abroad, and of all forms of terrorism and extremism are increasingly turning to these social media platforms to proliferate their message and spread their violent, hateful content.” According to the committee, Facebook refused to respond to their requests. Twitter and Google also declined to comment and Microsoft did not immediately respond to the inquiry. The evidence continually highlights the incessant power struggle between the monetary incentives of large tech corporations and governmental access to information. This pure lack of initiative and response amongst the largest, most influential companies on one of the most pressing issues today showcases their inherent lack of care and responsibility to the general public. Simultaneously, the question of how to police content and how these impactful platforms can objectively combat the misuse remains a strongly debated topic.
House Democrats want to see how much Big Tech is spending to curb extremism
80 Million US Household Data Breach
To wrap this week’s Data Digest with some positive news: a data breach the size of half of all US households was uncovered by security researchers Noam Rotem and Ran Locar. An unsecured database holding eighty million households data including addresses, names, dates of birth, and more was found to be freely accessible by cybercriminals and can be used for identity theft, social engineering attacks and more. Tim Erlin, the VP at TripWire stated:
“If you are storing data in the cloud, you can and should be able to audit the access permissions for that data on a continuous basis.”
Yet another example of poor data handling. Organizations need to step up and take responsibility for the blunders made. They need to respect the privacy of the data that their customers entrust to them.
Data Of 80 Million American Households Exposed In Mystery Database Mega-Leak
That’s all for this week. Until next time!
SerafinData DigestConsumer PrivacyAd TechData Breaches Data Misuse Regulatory Updates