privacy
Auto Added by WPeMatico
Auto Added by WPeMatico
A European coalition of techies and scientists drawn from at least eight countries, and led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI), is working on contacts-tracing proximity technology for COVID-19 that’s designed to comply with the region’s strict privacy rules — officially unveiling the effort today.
China-style individual-level location-tracking of people by states via their smartphones even for a public health purpose is hard to imagine in Europe — which has a long history of legal protection for individual privacy. However the coronavirus pandemic is applying pressure to the region’s data protection model, as governments turn to data and mobile technologies to seek help with tracking the spread of the virus, supporting their public health response and mitigating wider social and economic impacts.
Scores of apps are popping up across Europe aimed at attacking coronavirus from different angles. European privacy not-for-profit, noyb, is keeping an updated list of approaches, both led by governments and private sector projects, to use personal data to combat SARS-CoV-2 — with examples so far including contacts tracing, lockdown or quarantine enforcement and COVID-19 self-assessment.
The efficacy of such apps is unclear — but the demand for tech and data to fuel such efforts is coming from all over the place.
In the UK the government has been quick to call in tech giants, including Google, Microsoft and Palantir, to help the National Health Service determine where resources need to be sent during the pandemic. While the European Commission has been leaning on regional telcos to hand over user location data to carry out coronavirus tracking — albeit in aggregated and anonymized form.
The newly unveiled Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) project is a response to the coronavirus pandemic generating a huge spike in demand for citizens’ data that’s intended to offer not just an another app — but what’s described as “a fully privacy-preserving approach” to COVID-19 contacts tracing.
The core idea is to leverage smartphone technology to help disrupt the next wave of infections by notifying individuals who have come into close contact with an infected person — via the proxy of their smartphones having been near enough to carry out a Bluetooth handshake. So far so standard. But the coalition behind the effort wants to steer developments in such a way that the EU response to COVID-19 doesn’t drift towards China-style state surveillance of citizens.
While, for the moment, strict quarantine measures remain in place across much of Europe there may be less imperative for governments to rip up the best practice rulebook to intrude on citizens’ privacy, given the majority of people are locked down at home. But the looming question is what happens when restrictions on daily life are lifted?
Contacts tracing — as a way to offer a chance for interventions that can break any new infection chains — is being touted as a key component of preventing a second wave of coronavirus infections by some, with examples such as Singapore’s TraceTogether app being eyed up by regional lawmakers.
Singapore does appear to have had some success in keeping a second wave of infections from turning into a major outbreak, via an aggressive testing and contacts-tracing regime. But what a small island city-state with a population of less than 6M can do vs a trading bloc of 27 different nations whose collective population exceeds 500M doesn’t necessarily seem immediately comparable.
Europe isn’t going to have a single coronavirus tracing app. It’s already got a patchwork. Hence the people behind PEPP-PT offering a set of “standards, technology, and services” to countries and developers to plug into to get a standardized COVID-19 contacts-tracing approach up and running across the bloc.
The other very European flavored piece here is privacy — and privacy law. “Enforcement of data protection, anonymization, GDPR [the EU’s General Data Protection Regulation] compliance, and security” are baked in, is the top-line claim.
“PEPP-PR was explicitly created to adhere to strong European privacy and data protection laws and principles,” the group writes in an online manifesto. “The idea is to make the technology available to as many countries, managers of infectious disease responses, and developers as quickly and as easily as possible.
“The technical mechanisms and standards provided by PEPP-PT fully protect privacy and leverage the possibilities and features of digital technology to maximize speed and real-time capability of any national pandemic response.”
Hans-Christian Boos, one of the project’s co-initiators — and the founder of an AI company called Arago –discussed the initiative with German newspaper Der Spiegel, telling it: “We collect no location data, no movement profiles, no contact information and no identifiable features of the end devices.”
The newspaper reports PEPP-PT’s approach means apps aligning to this standard would generate only temporary IDs — to avoid individuals being identified. Two or more smartphones running an app that uses the tech and has Bluetooth enabled when they come into proximity would exchange their respective IDs — saving them locally on the device in an encrypted form, according to the report.
Der Spiegel writes that should a user of the app subsequently be diagnosed with coronavirus their doctor would be able to ask them to transfer the contact list to a central server. The doctor would then be able to use the system to warn affected IDs they have had contact with a person who has since been diagnosed with the virus — meaning those at risk individuals could be proactively tested and/or self-isolate.
On its website PEPP-PT explains the approach thus:
Mode 1
If a user is not tested or has tested negative, the anonymous proximity history remains encrypted on the user’s phone and cannot be viewed or transmitted by anybody. At any point in time, only the proximity history that could be relevant for virus transmission is saved, and earlier history is continuously deleted.Mode 2
If the user of phone A has been confirmed to be SARS-CoV-2 positive, the health authorities will contact user A and provide a TAN code to the user that ensures potential malware cannot inject incorrect infection information into the PEPP-PT system. The user uses this TAN code to voluntarily provide information to the national trust service that permits the notification of PEPP-PT apps recorded in the proximity history and hence potentially infected. Since this history contains anonymous identifiers, neither person can be aware of the other’s identity.
Providing further detail of what it envisages as “Country-dependent trust service operation”, it writes: “The anonymous IDs contain encrypted mechanisms to identify the country of each app that uses PEPP-PT. Using that information, anonymous IDs are handled in a country-specific manner.”
While on healthcare processing is suggests: “A process for how to inform and manage exposed contacts can be defined on a country by country basis.”
Among the other features of PEPP-PT’s mechanisms the group lists in its manifesto are:
Having a standardized approach that could be plugged into a variety of apps would allow for contacts tracing to work across borders — i.e. even if different apps are popular in different EU countries — an important consideration for the bloc, which has 27 Member States.
However there may be questions about the robustness of the privacy protection designed into the approach — if, for example, pseudonymized data is centralized on a server that doctors can access there could be a risk of it leaking and being re-identified. And identification of individual device holders would be legally risky.
Europe’s lead data regulator, the EDPS, recently made a point of tweeting to warn an MEP (and former EC digital commissioner) against the legality of applying Singapore-style Bluetooth-powered contacts tracing in the EU — writing: “Please be cautious comparing Singapore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.”
Dear Mr. Commissioner, please be cautious comparing Singapoore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.
— Wojtek Wiewiorowski (@W_Wiewiorowski) March 27, 2020
A spokesman for the EDPS told us it’s in contact with data protection agencies of the Member States involved in the PEPP-PT project to collect “relevant information”.
“The general principles presented by EDPB on 20 March, and by EDPS on 24 March are still relevant in that context,” the spokesman added — referring to guidance issued by the privacy regulators last month in which they encouraged anonymization and aggregation should Member States want to use mobile location data for monitoring, containing or mitigating the spread of COVID-19. At least in the first instance.
“When it is not possible to only process anonymous data, the ePrivacy Directive enables Member States to introduce legislative measures to safeguard public security (Art. 15),” the EDPB further noted.
“If measures allowing for the processing of non-anonymised location data are introduced, a Member State is obliged to put in place adequate safeguards, such as providing individuals of electronic communication services the right to a judicial remedy.”
We reached out to the HHI with questions about the PEPP-PT project and were referred to Boos — but at the time of writing had been unable to speak to him.
“The PEPP-PT system is being created by a multi-national European team,” the HHI writes in a press release about the effort. “It is an anonymous and privacy-preserving digital contact tracing approach, which is in full compliance with GDPR and can also be used when traveling between countries through an anonymous multi-country exchange mechanism. No personal data, no location, no Mac-Id of any user is stored or transmitted. PEPP-PT is designed to be incorporated in national corona mobile phone apps as a contact tracing functionality and allows for the integration into the processes of national health services. The solution is offered to be shared openly with any country, given the commitment to achieve interoperability so that the anonymous multi-country exchange mechanism remains functional.”
“PEPP-PT’s international team consists of more than 130 members working across more than seven European countries and includes scientists, technologists, and experts from well-known research institutions and companies,” it adds.
“The result of the team’s work will be owned by a non-profit organization so that the technology and standards are available to all. Our priorities are the well being of world citizens today and the development of tools to limit the impact of future pandemics — all while conforming to European norms and standards.”
The PEPP-PT says its technology-focused efforts are being financed through donations. Per its website, it says it’s adopted the WHO standards for such financing — to “avoid any external influence”.
Of course for the effort to be useful it relies on EU citizens voluntarily downloading one of the aligned contacts tracing apps — and carrying their smartphone everywhere they go, with Bluetooth enabled.
Without substantial penetration of regional smartphones it’s questionable how much of an impact this initiative, or any contacts tracing technology, could have. Although if such tech were able to break even some infection chains people might argue it’s not wasted effort.
Notably, there are signs Europeans are willing to contribute to a public healthcare cause by doing their bit digitally — such as a self-reporting COVID-19 tracking app which last week racked up 750,000 downloads in the UK in 24 hours.
But, at the same time, contacts tracing apps are facing scepticism over their ability to contribute to the fight against COVID-19. Not everyone carries a smartphone, nor knows how to download an app, for instance. There’s plenty of people who would fall outside such a digital net.
Meanwhile, while there’s clearly been a big scramble across the region, at both government and grassroots level, to mobilize digital technology for a public health emergency cause there’s arguably greater imperative to direct effort and resources at scaling up coronavirus testing programs — an area where most European countries continue to lag.
Germany — where some of the key backers of the PEPP-PT are from — being the most notable exception.
Powered by WPeMatico
As part of its response to the public health emergency triggered by the COVID-19 pandemic, the European Commission has been leaning on Europe’s telcos to share aggregate location data on their users.
“The Commission kick-started a discussion with mobile phone operators about the provision of aggregated and anonymised mobile phone location data,” it said today.
“The idea is to analyse mobility patterns including the impact of confinement measures on the intensity of contacts, and hence the risks of contamination. This would be an important — and proportionate — input for tools that are modelling the spread of the virus, and would also allow to assess the current measures adopted to contain the pandemic.”
“We want to work with one operator per Member State to have a representative sample,” it added. “Having one operator per Member State also means the aggregated and anonymised data could not be used to track individual citizens, that is also not at all the intention. Simply because not all have the same operator.
“The data will only be kept as long as the crisis is ongoing. We will of course ensure the respect of the ePrivacy Directive and the GDPR.”
Earlier this week Politico reported that commissioner Thierry Breton held a conference with carriers, including Deutsche Telekom and Orange, asking for them to share data to help predict the spread of the novel coronavirus.
Europe has become a secondary hub for the disease, with high rates of infection in countries including Italy and Spain — where there have been thousands of deaths apiece.
The European Union’s executive is understandably keen to bolster national efforts to combat the virus. Although, it’s less clear exactly how aggregated mobile location data can help — especially as more EU citizens are confined to their homes under national quarantine orders. (While police patrols and CCTV offer an existing means of confirming whether or not people are generally moving around.)
Nonetheless, EU telcos have already been sharing aggregate data with national governments.
Orange in France is sharing “aggregated and anonymized” mobile phone geolocation data with Inserm, a local health-focused research institute — to enable them to “better anticipate and better manage the spread of the epidemic,” as a spokeswoman put it.
“The idea is simply to identify where the populations are concentrated and how they move before and after the confinement in order to be able to verify that the emergency services and the health system are as well armed as possible, where necessary,” she added. “For instance, at the time of confinement, more than 1 million people left the Paris region and at the same time the population of Ile de Ré increased by 30%.
“Other uses of this data are possible and we are currently in discussions with the State on all of these points. But, it must be clear, we are extremely vigilant with regards to concerns and respect for privacy. Moreover, we are in contact with the CNIL [France’s data protection watchdog]… to verify that all of these points are addressed.”
Germany’s Deutsche Telekom is also providing to national health authorities what a spokesperson dubbed “anonymized swarm data” to combat the corona virus.
“European mobile operators are also to make such anonymized mass data available to the EU Commission at its request,” the spokesperson told us. “In fact, we will first provide the EU Commission with a description of data we have sent to German health authorities.”
It’s not entirely clear whether the Commission’s intention is to pool data from such existing local efforts — or whether it’s asking EU carriers for a different, universal data-set to be shared with it during the COVID-19 emergency.
When we asked about this it did not provide an answer. Although we understand discussions are ongoing with operators — and that it’s the Commission’s aim to work with one operator per Member State.
The Commission has said the metadata will be used for modelling the spread of the virus and for looking at mobility patterns to analyze and assess the impact of quarantine measures.
A spokesman emphasized that individual-level tracking of EU citizens is not on the cards.
“The Commission is in discussions with mobile operators’ associations about the provision of aggregated and anonymised mobile phone location data,” the spokesman for Breton told us.
“These data permit to analyse mobility patterns including the impact of confinement measures on the intensity of contacts and hence the risks of contamination. They are therefore an important and proportionate tool to feed modelling tools for the spread of the virus and also assess the current measures adopted to contain the Coronavrius pandemic are effective.”
“These data do not enable tracking of individual users,” he added. “The Commission is in close contact with the European Data Protection Supervisor (EDPS) to ensure the respect of the ePrivacy Directive and the GDPR.”
At this point there’s no set date for the system to be up and running — although we understand the aim is to get data flowing asap. The intention is also to use data sets that go back to the start of the epidemic, with data-sharing ongoing until the pandemic is over — at which point we’re told the data will be deleted.
Breton hasn’t had to lean very hard on EU telcos to share data for a crisis cause.
Earlier this week Mats Granryd, director general of operator association the GSMA, tweeted that its members are “committed to working with the European Commission, national authorities and international groups to use data in the fight against COVID-19 crisis.”
Although, he added an important qualifier: “while complying with European privacy standards.”
The @GSMA and our members are committed to working with the @EU_Commission, national authorities and international groups to use data in the fight against COVID-19 crisis, while complying with European privacy standards. https://t.co/f1hBYT5Lqx
— Mats Granryd (@MatsGranryd) March 24, 2020
Europe’s data protection framework means there are limits on how people’s personal data can be used — even during a public health emergency. And while the legal frameworks do quite rightly bake in flexibility for a pressing public purpose, like the COVID-19 pandemic, it does not mean individuals’ privacy rights automatically go out the window.
Individual tracking of mobile users for contact tracing — such as Israel’s government is doing — is unimaginable at the pan-EU level. Certainly unless the regional situation deteriorates drastically.
One privacy lawyer we spoke to last week suggested such a level of tracking and monitoring across Europe would be akin to a “last resort.” Though individual EU countries are choosing to respond differently to the crisis — such as, for example, Poland giving quarantined people a choice between regular police check ups or uploading geotagged selfies to prove they’re not breaking lockdown.
While former EU Member the U.K. has reportedly chosen to invite in the controversial U.S. surveillance-as-a-service tech firm Palantir to carry out resource tracking for its National Health Service during the coronavirus crisis.
Under pan-EU law (which the U.K. remains subject to, until the end of the Brexit transition period), the rule of thumb is that extraordinary data-sharing — such as the Commission asking telcos to share user location data during a pandemic — must be “temporary, necessary and proportionate,” as digital rights group Privacy International recently noted.
This explains why Breton’s request is for “anonymous and aggregated” location data. And why, in background comments to reporters, the claim is that any shared data sets will be deleted at the end of the pandemic.
Not every EU lawmaker appears entirely aware of all the legal limits, however.
Today the bloc’s lead privacy regulator, data protection supervisor (EDPS) Wojciech Wiewiórowski, could be seen tweeting cautionary advice at one former commissioner, Andrus Ansip (now an MEP) — after the latter publicly eyed up a Bluetooth-powered contacts tracing app deployed in Singapore.
“Please be cautious comparing Singapore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder,” wrote Wiewiórowski.
So it remains to be seen whether pressure will mount for more privacy-intrusive surveillance of EU citizens if regional rates of infection continue to grow.
Dear Mr. Commissioner, please be cautious comparing Singapoore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.
— Wojtek Wiewiorowski (@W_Wiewiorowski) March 27, 2020
As we reported earlier this week, governments or EU institutions seeking to make use of mobile phone data to help with the response to the coronavirus must comply with the EU’s ePrivacy Directive — which covers the processing of mobile location data.
The ePrivacy Directive allows for Member States to restrict the scope of the rights and obligations related to location metadata privacy, and retain such data for a limited time — when such restriction constitutes “a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system” — and a pandemic seems a clear example of a public security issue.
Thing is, the ePrivacy Directive is an old framework. The previous college of commissioners had intended to replace it alongside an update to the EU’s broader personal data protection framework — the General Data Protection Regulation (GDPR) — but failed to reach agreement.
This means there’s some potential mismatch. For example the ePrivacy Directive does not include the same level of transparency requirements as the GDPR.
Perhaps understandably, then, since news of the Commission’s call for carrier metadata emerged concerns have been raised about the scope and limits of the data sharing. Earlier this week, for example, MEP Sophie in’t Veld wrote to Breton asking for more information on the data grab — including querying exactly how the data will be anonymized.
Fighting the #coronavirus with technology: sure! But always with protection of our privacy. Read my letter to @ThierryBreton
about @EU_Commission’s plans to call on telecoms to hand over data from people’s mobile phones in order to track&trace how the virus is spreading. pic.twitter.com/55kZo9bMhN
— Sophie in ‘t Veld (@SophieintVeld) March 25, 2020
The EDPS confirmed to us that the Commission consulted it on the proposed use of telco metadata.
A spokesman for the regulator pointed to a letter sent by Wiewiórowski to the Commission, following the latter’s request for guidance on monitoring the “spread” of COVID-19.
In the letter the EDPS impresses on the Commission the importance of “effective” data anonymization — which means it’s in effect saying a technique that does genuinely block re-identification of the data must be used. (There are plenty of examples of “anonymized” data being shown by researchers to be trivially easy to reidentify; while location data typically includes many easily identified individual tells, such as a home address and workplace address.)
“Effective anonymisation requires more than simply removing obvious identifiers such as phone numbers and IMEI numbers,” warns the EDPS, adding too that aggregated data “can provide an additional safeguard.”
We also asked the Commission for more details on how the data will be anonymized and the level of aggregation that would be used — but it told us it could not provide further information at this stage.
So far we understand that the anonymization and aggregation process will be undertaken before data is transferred by operators to a Commission science and research advisory body, called the Joint Research Centre (JRC) — which will perform the data analytics and modelling.
The results — in the form of predictions of propagation and so on — will then be shared by the Commission with EU Member States authorities. The datasets feeding the models will be stored on secure JRC servers.
The EDPS is equally clear on the Commission’s commitments vis-a-vis securing the data.
“Information security obligations under Commission Decision 2017/464 still apply [to anonymized data], as do confidentiality obligations under the Staff Regulations for any Commission staff processing the information. Should the Commission rely on third parties to process the information, these third parties have to apply equivalent security measures and be bound by strict confidentiality obligations and prohibitions on further use as well,” writes Wiewiórowski.
“I would also like to stress the importance of applying adequate measures to ensure the secure transmission of data from the telecom providers. It would also be preferable to limit access to the data to authorised experts in spatial epidemiology, data protection and data science.”
Data retention — or rather the need for prompt destruction of data sets after the emergency is over — is another key piece of the guidance.
“I also welcome that the data obtained from mobile operators would be deleted as soon as the current emergency comes to an end,” writes Wiewiórowski. “It should be also clear that these special services are deployed because of this specific crisis and are of temporary character. The EDPS often stresses that such developments usually do not contain the possibility to step back when the emergency is gone. I would like to stress that such solution should be still recognised as extraordinary.”
teresting to note the EDPS is very clear on “full transparency” also being a requirement, both of purpose and “procedure.” So we should expect more details to be released about how the data is being effectively rendered unidentifiable.
“Allow me to recall the importance of full transparency to the public on the purpose and procedure of the measures to be enacted,” writes Wiewiórowski. “I would also encourage you to keep your Data Protection Officer involved throughout the entire process to provide assurance that the data processed had indeed been effectively anonymised.”
The EDPS has also requested to see a copy of the data model. At the time of writing the spokesman told us it’s still waiting to receive that.
“The Commission should clearly define the dataset it wants to obtain and ensure transparency towards the public, to avoid any possible misunderstandings,” Wiewiórowski added in the letter.
Powered by WPeMatico
Now you can scroll Instagram together with friends, turning a typically isolating, passive experience into something more social and active. Today Instagram launched Co-Watching, which lets friends on a video chat or group video chat browse through feed posts one user has Liked or Saved, or that Instagram recommends.
Co-Watching could let people ooh, ahh, joke and talk about Instagram’s content instead of just consuming it solo and maybe posting it to a chat thread so friends can do the same. That could lead to long usage sessions, incentivize users to collect a great depository of Saved posts to share and spur more video calls that drag people into the app. TechCrunch first reported Instagram was testing Co-Watching a year ago, so we’ll see if it managed to work out the technical and privacy questions of operating the feature.
The launch comes alongside other COVID-19 responses from Instagram that include:
These updates build on Instagram’s efforts from two weeks ago, which included putting COVID-19 prevention tips atop the feed, listing official health organizations atop search results and demoting the reach of coronavirus-related content rated false by fact checkers.
But Co-Watching will remain a powerful feature long after the quarantines and social distancing end. The ability to co-view content while browsing social networks has already made screensharing app Squad popular. When Squad launched in January 2019, I suggested that, “With Facebook and Snap already sniffing around Squad, it’s quite possible they’ll try to copy it.” Facebook tested a Watch Together feature for viewing Facebook Watch videos inside Messenger back in April. And now here we are with Instagram.
The question is whether Squad’s first-mover advantage and option to screenshare from any app will let it hold its own, or if Instagram Co-Watching will just popularize the concept and send users searching for more flexible options like Squad. “Everyone knows that the content flooding our feeds is a filtered version of reality,” Squad CEO Esther Crawford told me. “The real and interesting stuff goes down in DMs because people are more authentic when they’re 1:1 or in small group conversations.”
Squad, which lets you screenshare anything, including websites and your camera roll, won’t be fully steamrolled. When asked if Instagram would build a full-fledged screensharing feature, Instagram CEO Adam Mosseri said they’re “Not currently working on it . . . screensharing is not at the top of the list for us at Instagram.”
With Co-Watching, Instagram users can spill the tea and gossip about posts live and unfiltered over video chat. When people launch a video chat from the Direct inbox or a chat thread, they’ll see a “Posts” button that launches Co-Watching. They’ll be able to pick from their Liked, Saved or Explore feeds and then reveal it to the video chat, with everyone’s windows lined up beneath the post.
Up to six people can Co-Watch at once on Instagram, consuming feed photos and videos but not IGTV posts. You can share public posts, or private ones that everyone in the chat are allowed to see. If one participant is blocked from viewing a post, it’s ineligible for Co-Watching.
Co-Watching could finally provide an answer to Instagram’s Time Well Spent problem. Research shows how the real danger in social network overuse is passive content consumption, like endless solo feed scrolling. It can inspire envy, poor self-esteem and leave users deflated, especially if the highlights of everyone else’s lives look more interesting than their own day-to-day reality. But active sharing, commenting and messaging can have a positive effect on well-being, making people feel like they have a stronger support network.
With Co-Watching, Instagram has found a way to turn the one-player experience into a multi-player game. Especially now with everyone stuck at home and unable to crowd around one person’s phone to gab about what they see, there’s a great need for this new feature. One concern is that it could be used for bullying, with people all making fun of someone’s posts.
But in general, the idea of sifting through cute animal photos, dance tutorials or epic art could take the focus off the individuals in a video chat. Not having one’s face as the center of attention could make video chat less performative and exhausting. Instead, Co-Watching could let us do apart what we love to do together: just hang out.
Powered by WPeMatico
Israel has passed an emergency law to use mobile phone data for tracking people infected with COVID-19 including to identify and quarantine others they have come into contact with and may have infected.
The BBC reports that the emergency law was passed during an overnight sitting of the cabinet, bypassing parliamentary approval.
Israel also said it will step up testing substantially as part of its respond to the pandemic crisis.
In a statement posted to Facebook, prime minister Benjamin Netanyahu wrote: “We will dramatically increase the ability to locate and quarantine those who have been infected. Today, we started using digital technology to locate people who have been in contact with those stricken by the Corona. We will inform these people that they must go into quarantine for 14 days. These are expected to be large – even very large – numbers and we will announce this in the coming days. Going into quarantine will not be a recommendation but a requirement and we will enforce it without compromise. This is a critical step in slowing the spread of the epidemic.”
“I have instructed the Health Ministry to significantly increase the number of tests to 3,000 a day at least,” he added. “It is very likely that we will reach a higher figure, even up to 5,000 a day. To the best of my knowledge, relative to population, this is the highest number of tests in the world, even higher than South Korea. In South Korea, there are around 15,000 tests a day for a population five or six times larger than ours.”
On Monday an Israeli parliamentary subcommittee on intelligence and secret services discussed a government request to authorize Israel’s Shin Bet security service to assist in a national campaign to stop the spread of the novel coronavirus — but declined to vote on the request, arguing more time is needed to assess it.
Civil liberties campaigners have warned the move to monitor citizens’ movements sets a dangerous precedent.
Netanyahu’s announcement that he intends to bypass parliamentary oversight and implement emergency regulations that authorize the Shin Bet to locate Corona patients actualizes this danger.
— ACRI (@acri_online) March 16, 2020
According to WHO data, Israel had 200 confirmed cases of the coronavirus as of yesterday morning. Today the country’s health ministry reported cases had risen to 427.
Details of exactly how the tracking will work have not been released — but, per the BBC, the location data of people’s mobile devices will be collected from telcos by Israel’s domestic security agency and shared with health officials.
It also reports the health ministry will be involved in monitoring the location of infected people to ensure they are complying with quarantine rules — saying it can also send text messages to people who have come into contact with someone with COVID-19 to instruct them to self isolate.
In recent days Netanyahu has expressed frustration that Israel citizens have not been paying enough mind to calls to combat the spread of the virus via voluntary social distancing.
“This is not child’s play. This is not a vacation. This is a matter of life and death,” he wrote on Facebook. “There are many among you who still do not understand the magnitude of the danger. I see the crowds on the beaches, people having fun. They think this is a vacation.”
“According to the instructions that we issued yesterday, I ask you not leave your homes and stay inside as much as possible. At the moment, I say this as a recommendation. It is still not a directive but that can change,” he added.
Since the Israeli government’s intent behind the emergency mobile tracking powers is to combat the spread of COVID-19 by enabling state agencies to identify people whose movements need to be restricted to avoid them passing the virus to others, it seems likely law enforcement agencies will also be involved in enacting the measures.
That will mean citizens’ smartphones being not just a tool of mass surveillance but also a conduit for targeted containment — raising questions about the impact such intrusive measures might have on people’s willingness to carry mobile devices everywhere they go, even during a pandemic.
Yesterday the Wall Street Journal reported that the US government is considering similar location-tracking technology measures in a bid to check the spread of COVID-19 — with discussions ongoing between tech giants, startups and White House officials on measures that could be taken to monitor the disease.
Last week the UK government also held a meeting with tech companies to ask for their help in combating the coronavirus. Per Wired some tech firms offered to share data with the state to help with contact tracing — although, at the time, the government was not pursuing a strategy of mass restrictions on public movement. It has since shifted position.
Powered by WPeMatico
We need to go hands-off in the age of coronavirus. That means touching fewer doors, elevators, and sign-in iPads. But once a building is using phone-based identity for security, there’s opportunities to speed up access to WIFI networks and printers, or personalize conference rooms and video call set-ups. Keyless office entry startup Proxy wants to deliver all of this while keeping your phone in your pocket.
“The door is just a starting point” Proxy co-founder and CEO Denis Mars tells me. “We’re . . . empowering a movement to take back control of our privacy, our sense of self, our humanity, our individuality.”

With the contagion concerns and security risks of people rubbing dirty, cloneable, stealable key cards against their office doors, investors see big potential in Proxy. Today it’s announcing here a $42 million Series B led by Scale Venture Partners with participation from former funders Kleiner Perkins and Y Combinator plus new additions Silicon Valley Bank and West Ventures.
The raise brings Proxy to $58.8 million in funding so it can staff up at offices across the world and speed up deployments of its door sensor hardware and access control software. “We’re spread thin” says Mars. “Part of this funding is to try to grow up as quickly as possible and not grow for growth sake. We’re making sure we’re secure, meeting all the privacy requirements.”
How does Proxy work? Employers get their staff to install an app that knows their identity within the company, including when and where they’re allowed entry. Buildings install Proxy’s signal readers, which can either integrate with existing access control software or the startup’s own management dashboard.
Employees can then open doors, elevators, turnstiles, and garages with a Bluetooth low-energy signal without having to even take their phone out. Bosses can also opt to require a facial scan or fingerprint or a wave of the phone near the sensor. Existing keycards and fobs still work with Proxy’s Pro readers. Proxy costs about $300 to $350 per reader, plus installation and a $30 per month per reader subscription to its management software.

Now the company is expanding access to devices once you’re already in the building thanks to its SDK and APIs. Wifi router-makers are starting to pre-provision their hardware to automatically connect the phones of employees or temporarily allow registered guests with Proxy installed — no need for passwords written on whiteboards. Its new Nano sensors can also be hooked up to printers and vending machines to verify access or charge expense accounts. And food delivery companies can add the Proxy SDK so couriers can be granted the momentary ability to open doors when they arrive with lunch.
Rather than just indiscriminately beaming your identity out into the world, Proxy uses tokenized credentials so only its sensors know who you are. Users have to approve of new networks’ ability to read their tokens, Proxy has SOC-2 security audit certification, and complies with GDPR. “We feel very strongly about where the biometrics are stored . . . they should stay on your phone” says Mars.
Yet despite integrating with the technology for two-factor entry unlocks, Mars says “We’re not big fans of facial recognition. You don’t want every random company having your face in their database. The face becomes the password you were supposed to change every 30 days.”

Keeping your data and identity safe as we see an explosion of Internet Of Things devices was actually the impetus for starting Proxy. Mars had sold his teleconferencing startup Bitplay to Jive Software where he met his eventually co-founder Simon Ratner, who’d joined after his video annotation startup Omnisio was acquired by YouTube. Mars was frustrated about every IoT lightbulb and appliance wanting him to download an app, set up a profile, and give it his data.
The duo founded Proxy in 2016 as a universal identity signal. Today it has over 60 customers. While other apps want you to constantly open them, Proxy’s purpose is to work silently in the background and make people more productive. “We believe the most important technologies in the world don’t seek your attention. They work for you, they empower you, and they get out of the way so you can focus your attention on what matters most — living your life.”
Now Proxy could actually help save lives. “The nature of our product is contactless interactions in commercial buildings and workplaces so there’s a bit of an unintended benefit that helps prevent the spread of the virus” Mars explains. “We have seen an uptick in customers starting to set doors and other experiences in longer-range hands-free mode so that users can walk up to an automated door and not have to touch the handles or badge/reader every time.”

The big challenge facing Proxy is maintaining security and dependability since it’s a mission-critical business. A bug or outage could potentially lock employees out of their workplace (when they eventually return from quarantine). It will have to keep hackers out of employee files. Proxy needs to stay ahead of access control incumbents like ADT and HID as well as smaller direct competitors like $10 million-funded Nexkey and $28 million-funded Openpath.
Luckily, Proxy has found a powerful growth flywheel. First an office in a big building gets set up, then they convince the real estate manager to equip the lobby’s turnstiles and elevators with Proxy. Other tenants in the building start to use it, so they buy Proxy for their office. Then they get their offices in other cities on board…starting the flywheel again. That’s why Proxy is doubling down on sales to commercial real estate owners.
The question is when Proxy will start knocking on consumers’ doors. While leveling up into the enterprise access control software business might be tough for home smartlock companies like August, Proxy could go down market if it built more physical lock hardware. Perhaps we’ll start to get smart homes that know who’s home, and stop having to carry pointy metal sticks in our pockets.
Powered by WPeMatico
The underpinnings of how app store analytics platforms operate were exposed this week by BuzzFeed, which uncovered the network of mobile apps used by popular analytics firm Sensor Tower to amass app data. The company had operated at least 20 apps, including VPNs and ad blockers, whose main purpose was to collect app usage data from end users in order to make estimations about app trends and revenues. Unfortunately, these sorts of data collection apps are not new — nor unique to Sensor Tower’s operation.
Sensor Tower was found to operate apps such as Luna VPN, for example, as well as Free and Unlimited VPN, Mobile Data and Adblock Focus, among others. After BuzzFeed reached out, Apple removed Adblock Focus and Google removed Mobile Data. Others are still being investigated, the report said.

Apps’ collection of usage data has been an ongoing issue across the app stores.
Facebook and Google have both operated such apps, not always transparently, and Sensor Tower’s key rival App Annie continues to do the same today.
For Facebook, its 2013 acquisition of VPN app maker Onavo for years served as a competitive advantage. The traffic through the app gave Facebook insight into which other social applications were growing in popularity — so Facebook could either clone their features or acquire them outright. When Apple finally booted Onavo from the App Store half a decade later, Facebook simply brought back the same code in a new wrapper — then called the Facebook Research app. This time, it was a bit more transparent about its data collection, as the Research app was actually paying for the data.
But Apple kicked out that app, too. So Facebook last year launched Study and Viewpoints to further its market research and data collection efforts. These apps are still live today.
Google was also caught doing something similar by way of its Screenwise Meter app, which invited users 18 and up (or 13 if part of a family group) to download the app and participate in the panel. The app’s users allowed Google to collect their app and web usage in exchange for gift cards. But like Facebook, Google’s app used Apple’s Enterprise Certificate program to work — a violation of Apple policy that saw the app removed, again following media coverage. Screenwise Meter returned to the App Store last year and continues to track app usage, among other things, with panelists’ consent.
App Annie
App Annie, a firm that directly competes with Sensor Tower, has acquired mobile data companies and now operates its own set of apps to track app usage under those brands.
In 2014, App Annie bought Distimo, and as of 2016 has run Phone Guardian, a “secure Wi-Fi and VPN” app, under the Distimo brand.

The app discloses its relationship with App Annie in its App Store description, but remains vague about its true purpose:
“Trusted by more than 1 million users, App Annie is the leading global provider of mobile performance estimates. In short, we help app developers build better apps. We build our mobile performance estimates by learning how people use their devices. We do this with the help of this app.”
In 2015, App Annie acquired Mobidia. Since 2017, it has operated real-time data usage monitor My Data Manager under that brand, as well. The App Store description only offers the same vague disclosure, which means users aren’t likely aware of what they’re agreeing to.

Disclosure?
The problem with apps like App Annie’s and Sensor Tower’s is that they’re marketed as offering a particular function, when their real purpose for existing is entirely another.
The app companies’ defense is that they do disclose and require consent during onboarding. For example, Sensor Tower apps explicitly tell users what is collected and what is not:

App Annie’s app offers a similar disclosure, and takes the extra step of identifying the parent company by name:

App Annie also says its apps can continue to be used even if data sharing is turned off.
Despite these opt-ins, end users may still not understand that their VPN app is actually tied to a much larger data collection operation, however anonymized that data may be. After all, App Annie and Sensor Tower aren’t household names (unless you’re an app publisher or marketer.)
Apple and Google’s responsibility
Apple and Google, let’s be fair, are also culpable here.
Of course, Google is more pro-data collection because of the nature of its own business as an advertising-powered company. (It even tracks users in the real world via the Google Maps app.)
Apple, meanwhile, markets itself as a privacy-focused company, so is deserving of increased scrutiny.
It seems unfathomable that, following the Onavo scandal, Apple wouldn’t have taken a closer look into the VPN app category to ensure its apps were compliant with its rules and transparent about the nature of their businesses. In particular, it seems Apple would have paid close attention to apps operated by companies in the app store intelligence business, like App Annie and its subsidiaries.
Apple is surely aware of how these companies acquire data — it’s common industry knowledge. Plus, App Annie’s acquisitions were publicly disclosed.
oh wait! pic.twitter.com/ktVc6E9t1f
— Will Strafach (@chronic) March 10, 2020
But Apple is conflicted. It wants to protect app usage and user data (and be known for protecting such data) by not providing any broader app store metrics of its own. However, it also knows that app publishers need such data to operate competitively on the App Store. So instead of being proactive about sweeping the App Store for data collection utilities, it remains reactive by pulling select apps when the media puts them on blast, as BuzzFeed’s report has since done. That allows Apple to maintain a veil of innocence.
But pulling user data directly covertly is only one way to operate. As Facebook and Google have since realized, it’s easier to run these sorts of operations on the App Store if the apps just say, basically, “this is a data collection app,” and/or offer payment for participation — as do many marketing research panels. This is a more transparent relationship from a consumer’s perspective too, as they know they’re agreeing to sell their data.
Meanwhile, Sensor Tower and App Annie competitor Apptopia says it tested then scrapped its own ad blocker app around six years ago, but claims it never collected data with it. It now favors getting its data directly from its app developer customers.
“We can confidently state that 100% of the proprietary data we collect is from shared App Analytics Accounts where app developers proactively and explicitly share their data with us, and give us the right to use it for modeling,” stated Apptopia co-founder and COO, Jonathan Kay. “We do not collect any data from mobile panels, third-party apps or even at the user/device level.”
This system (which is used by the others as well) isn’t necessarily a solution for end users concerned about data collection, as it further obscures the collection and sharing process. Generally, consumers don’t know which app developers are sharing this data, what data is being shared, or how it’s being utilized. App data of this nature isn’t on the user level (meaning it’s not personal data), but it’s still about reporting back to the developer things like installs, daily and monthly users, and revenue, among other things. (Fortunately, Apple allows users to disable the sharing of some diagnostic and usage data from within iOS Settings.)
Data collection done by app analytics firms is only one of many, many ways that apps leak data, however.
In fact, many apps collect personal data — including data that’s far more sensitive than anonymized app usage trends — by way of their included SDKs (software development kits). These tools allow apps to share data with numerous technology companies, including ad networks, data brokers and aggregators, both large and small. It’s not illegal, and mainstream users probably don’t know about this either.
Instead, user awareness seems to crop up through conspiracy theories, like “Facebook is listening through the microphone,” without realizing that Facebook collects so much data it doesn’t really need to do so. (Well, except when it does).
In the wake of BuzzFeed’s reporting, Sensor Tower says it’s “taking immediate steps to make Sensor Tower’s connection to our apps perfectly clear, and adding even more visibility around the data their users share with us.”
Google isn’t providing an official comment. Apple didn’t respond to requests for comment.
Sensor Tower’s full statement is below:
Our business model is predicated on high-level, macro app trends. As such, we do not collect or store any personally identifiable information (PII) about users on our servers or elsewhere. In fact, based on the way our apps are designed, such data is separated before we could possibly view or interact with it, and all we see are ad creatives being served to users. What we do store is extremely high level, aggregated advertising data that may demonstrate trends that we share with customers.
Our privacy policy follows best practices and makes our data use clear. We want to reiterate that our apps do not collect any PII, and therefore it cannot be shared with any other entity, Sensor Tower or otherwise. We’ve made this very clear in our privacy policy, which users actively opt into during the apps’ onboarding processes after being shown an unambiguous disclaimer detailing what data is shared with us. As a routine matter, and as our business evolves, we’ll always take a privacy-centric approach to new features to help ensure that any PII remains uncollected and is fully safeguarded.
Based on the feedback we’ve received, we’re taking immediate steps to make Sensor Tower’s connection to our apps perfectly clear, and adding even more visibility around the data their users share with us.
App Annie shared the below statement, referencing the root certificate installations mentioned in the BuzzFeed article. (On iOS devices, VPN certificates don’t get full root access, however):
App Annie does not use root certificates at any point in its data collection process.
App Annie discloses that when users opt into data collection (and data sharing is not mandatory to use our apps), data will be shared with App Annie for the purposes of creating market research. We only collect data after users expressly consent to this collection within our apps. We are very transparent, both on the app stores and in the apps themselves and clearly connect App Annie to our mobile apps.
Powered by WPeMatico
The FCC has officially and finally determined that the major wireless carriers in the U.S. broke the law by secretly selling subscribers’ location data for years with almost no constraints or disclosure. But its Commissioners decry the $208 million penalty proposed to be paid by these enormously rich corporations, calling it “not properly proportioned to the consumer harms suffered.”
Under the proposed fines, T-Mobile would pay $91M; AT&T, $57M; Verizon, $48M; and Sprint, $12M. (Disclosure: TechCrunch is owned by Verizon Media. This does not affect our coverage in the slightest.)
The case has stretched on for more than a year and a half after initial reports that private companies were accessing and selling real-time subscriber location data to anyone willing to pay. Such a blatant abuse of consumers’ privacy caused an immediate outcry, and carriers responded with apparent chagrin — but often failed to terminate or even evaluate these programs in a timely fashion. It turns out they were run with almost no oversight at all, with responsibility delegated to the third party companies to ensure compliance.
Meanwhile the FCC was called on to investigate the nature of these offenses, and spent more than a year doing so in near-total silence, with even its own Commissioners calling out the agency’s lack of communication on such a serious issue.
Finally, in January, FCC Chairman Ajit Pai — who, it really must be noted here, formerly worked for one of the main companies implicated, Securus — announced that the investigation had found the carriers had indeed violated federal law and would soon be punished.
Today brings the official documentation of the fines, as well as commentary from the Commission. In the documents, the carriers are described as not only doing something bad, but doing it poorly — and especially in T-Mobile’s case, continuing to do it well after they said they’d stop:
We find that T-Mobile apparently disclosed its customers’ location information, without their consent, to third parties who were not authorized to receive it. In addition, even after highly publicized incidents put the Company on notice that its safeguards for protecting customer location information were inadequate, T-Mobile apparently continued to sell access to its customers’ location information for the better part of a year without putting in place reasonable safeguards—leaving its customers’ data at unreasonable risk of unauthorized disclosure
The general feeling seems to be that while it’s commendable to recognize this violation and propose what could be considered substantial fines, the whole thing is, as Commissioner Rosenworcel put it, “a day late and a dollar short.”
The scale of the fines, they say, has little to do with the scale of the offenses — and that’s because the investigation did not adequately investigate or attempt to investigate the scale of those offenses. As Commissioner Starks writes in a lengthy statement:
After all these months of investigation, the Commission still has no idea how many consumers’ data was mishandled by each of the carriers.
We had the power—and, given the length of this investigation, the time—to compel disclosures that would help us understand the true scope of the harm done to consumers. Instead, the Notices calculate the forfeiture based on the number of contracts between the carriers and location aggregators, as well as the number of contracts between those aggregators and third-party location-based service providers. That is a poor and unnecessary proxy for the privacy harm caused by each carrier, each of which has tens of millions of customers that likely had their personal data abused.
Essentially, the FCC didn’t even look at the number or nature of actual harm — it just asked the carriers to provide the number of contracts entered into. As Starks points out, one such contract can and did sometimes represent thousands of individual privacy invasions.
We know there are many—perhaps millions—of additional victims, each with their own harms. Unfortunately, based on the investigation the FCC conducted, we don’t even know how many there were, and the penalties we propose today do not reflect that impact.
And why not go after the individual companies? Securus, Starks says, “behaved outrageously.” But they’re not being fined at all. Even if the FCC lacked the authority to do so, it could have handed off the case to Justice or local authorities that could determine whether these companies violated other laws.
As Rosenworcel notes in her own statement, the fines are also extraordinarily generous even beyond this minimal method of calculating harm:
The agency proposes a $40,000 fine for the violation of our rules—but only on the first day. For every day after that, it reduces to $2,500 per violation. The FCC heavily discounts the fines the carriers potentially owe under the law and disregards the scope of the problem. On top of that, the agency gives each carrier a thirty-day pass from this calculation. This thirty day “get-out-of-jail-free” card is plucked from thin air.
Given that this investigation took place over such a long period, it’s strange that it did not seek to hear from the public or subpoena further details from the companies facilitating the violations. Meanwhile the carriers sought to declare a huge proportion of their responses to the FCC’s questions confidential, including publicly available information, and the agency didn’t question these assertions until Starks and Rosenworcel intervened.
$200M sounds like a lot, but divided among several billion-dollar communications organizations it’s peanuts, especially when you consider that these location-selling agreements may have netted far more than that in the years they were active. Only the carriers know exactly how many times their subscribers’ privacy was violated, and how much money they made from that abuse. And because the investigation has ended without the authority over these matters asking about it, we likely never will know.
The proposed fines, called a Notice of Apparent Liability, are only a tentative finding, and the carriers have 30 days to respond or ask for an extension — the latter of which is the more likely. Once they respond (perhaps challenging the amount or something else) the FCC can take as long as it wants to come up with a final fine amount. And once that is issued, there is no requirement that the fine actually be collected — and the FCC has in fact declined to collect before once the heat died down, though not with a penalty of this scale.
“While I am glad the FCC is finally proposing fines for this egregious behavior, it represents little more than the cost of doing business for these carriers,” Congressman Frank Pallone (D-NJ) said in a statement. “Further, the Commission is still a long way from collecting these fines and holding the companies fully accountable.”
The only thing that led to this case being investigated at all was public attention, and apparently public attention is necessary to ensure the federal government follows through on its duties.
(This article has been substantially updated with new information, plus comments from Commissioner Starks and Rep. Pallone.)
Powered by WPeMatico
Facebook’s messaging app for families with children, Messenger Kids, is being updated today with new tools and features to give parents more oversight and control over their kids’ chats. Now, parents will be able to see who a child is chatting with and how often, view recent photos and videos sent through chat, access the child’s reported and block list, remotely log out of the app on other devices and download the child’s chats, images and videos, both sent and received. The company is also introducing a new blocking mechanism and has updated the app’s Privacy Policy to include additional information about data collection, use and deletion practices.
The Messenger Kids app was first introduced in late 2017 as a way to give kids a way to message friends and family with parental oversight. It arrived at a time when kids were already embracing messaging — but were often doing so on less controlled platforms, like Kik, which attracted predators. Messenger Kids instead allows the child’s parents to determine who the child can chat with and when, through built-in parental controls.

In our household, for example, it became a convenient tool for chatting with relatives, like grandparents, aunts, uncles and cousins, as well as a few trusted friends, whose parents I knew well.
But when it came time to review the chats, a lot of scrolling back was involved.
The new Messenger Kids features will help with the oversight aspects for those parents who allow their kids to online chat. That decision, of course, is a personal one. Some parents don’t want their kids to have smartphones and outright ban apps, particularly ones that allow interactions. Others, myself included, believe that teaching kids to navigate the online world is part of your parental responsibility. And despite Facebook’s reputation, there aren’t other chat apps offering these sort of parental controls — or the convenience of being able to add everyone in your family to a child’s chat list with ease. (After all, grandma and grandpa are already on Facebook and Messenger, but getting them to download new apps remains difficult.)
In the updated app, parents will be able to see who a child has been chatting with, and whether that’s text or video chat, over the past 30 days. This can save parents’ time, as they may not feel the need to review chat with trusted family members, for instance, so can redirect their focus and energy on reviewing the chats with friends. A log of images will help parents to see if all images and videos being sent and received are appropriate, and remove them or block them if not.

Parents also can now see if a child has blocked or reported a user in the app, or if they’ve unblocked them. This could be useful for identifying those problematic friends — the kind who sometimes cause trouble, but are later forgiven, then unblocked. (Anyone who’s dealt with tween-age drama can attest to the fact that there’s one in every group!) By gaining access to this information, parents can sit down with the child to talk about when to take that step and block someone, and when a disagreement with a friend can instead be worked out. These are decisions that a child will have to make on their own one day, so being able to use this as a teaching moment is useful.
With the update, unblocking is supported and parents are still able to review chats with blocked contacts. However, blocked contacts will remain visible to one another and will stay in shared group chats. They just aren’t able to message one-on-one. Kids are warned if they return to or are added to chats with blocked contacts. (If parents want a full block, they can just remove the blocked contact from the child’s contact list, as before.)

Remote device logout lets you make sure the child is logged out of Messenger Kids on devices you can’t physically access and control — like a misplaced phone. And the option to download the child’s information, similar to Facebook’s feature, lets you download a copy of everything — messages, images and videos. This could be a way to preserve their chat history when the child outgrows the app.

The Messenger Kids’ privacy policy was updated, as well, to better detail the information being collected. The app also attempts to explain this in plain language to the kids, using cute photos. In reality, parents should read the policy for themselves and make a decision, accordingly.
The app collects a lot of information — including names, profile photos, demographic details (gender and birthday), a child’s connection to parents, contacts’ information (like most frequent contacts), app usage information, device attributes and unique identifiers, data from device settings (like time zones or access to camera and photos), network information and information provided from things like bug reports or feedback/contact forms.
To some extent, this information is needed to help the app properly operate or to alert parents about a child’s activities. But the policy includes less transparent language about the collected information being used to “evaluate, troubleshoot, improve, create, and develop our products” or being shared with other Facebook Companies. There’s a lot of wiggle room there for extensive data collection on Facebook’s part. Service providers offering technical infrastructure and support, like a content delivery network or customer service, may also gain access to collected information, but must adhere to “strict data confidentiality and security obligations,” the policy claims, without offering further details on what those are.

Despite its lengthiness, the policy leaves plenty of room for Facebook to collect private information and share it. If you have a Facebook account, you’ve already agreed to this sort of “deal with the devil” for yourself, in order to benefit from Facebook’s free service. But parents need to strongly consider if they’re comfortable making the same decision for their children.
The policy also describes things Facebook plans to roll out later, when Messenger Kids is updated to support older kids. As kids enter tween to teen years, parents may want to loosen the reigns a bit. The new policy will cover those changes, as well.
It’s unfortunate that the easiest tool, and the one with the best parental controls, is coming from Facebook. The market is ripe for a disruptor in the kids’ space, but there’s not enough money in that, apparently. Facebook, of course, sees the potential of getting kids hooked early and can invest in a product that isn’t directly monetized. Few companies can afford to do this, but Apple would be the best to take Facebook on in this area.
Apple’s iMessage is a large, secure and private platform — but it lacks these advanced parental controls, as well as the other bells and whistles (like built-in AR filters) that make the Messenger Kids app fun. Critically, it doesn’t work across non-Apple devices, which will always be a limiter when it comes to finding an app that the extended family can use together.
To be clear, there is no way to stop Facebook from vacuuming up the child’s information except to delete the child’s Messenger Kids Account through the Facebook Help Center. So consider your choices wisely.
Powered by WPeMatico
Online commerce accounted for nearly $518 billion in revenue in the United States alone last year. The growing number of online marketplaces like Amazon and eBay will command 40% of the global retail market in 2020. As the number of digital offerings — not only marketplaces but also online storefronts and company websites — available to consumers continues to grow, the primary challenge for any online platform lies in setting itself apart.
The central question for how to accomplish this: Where does differentiation matter most?
A customer’s ability to easily (and accurately) find a specific product or service with minimal barriers helps ensure they feel satisfied and confident with their choice of purchase. This ultimately becomes the differentiator that sets an online platform apart. It’s about coupling a stellar product with an exceptional experience. Often, that takes the form of simple, searchable access to a wide variety of products and services. Sometimes, it’s about surfacing a brand that meets an individual consumer’s needs or price point. In both cases, platforms are in a position to help customers avoid having to chase down a product or service through multiple clicks while offering a better way of comparing apples to apples.
To be successful, a company should adopt a consumer-first philosophy that informs its product ideation and development process. A successful consumer-first development resides in a company’s ability to expediently deliver fresh features that customers actually respond to, rather than prioritize the update that seems most profitable. The best way to inform both elements is to consistently collect and learn from customer feedback in a timely way — and sometimes, this will mean making decisions for the benefit of consumers versus what is in the best interest of companies.
Powered by WPeMatico
More than a year and a half after wireless carriers were caught red-handed selling the real-time location data of their customers to anyone willing to pay for it, the FCC has determined that they committed a crime. An official documentation of exactly how these companies violated the law is forthcoming.
FCC Chairman Ajit Pai shared his finding in a letter to Congressman Frank Pallone (D-NJ), who chairs the Energy and Commerce Committee that oversees the agency, and others in the House. Rep. Pallone and his colleagues have been active on this and prodded the FCC for updates throughout last year, eventually prompting today’s letter.
“I wish to inform you that the FCC’s Enforcement Bureau has completed its extensive investigation and that it has concluded that one or more wireless carriers apparently violated federal law,” Pai wrote.
Extensive it must have been, since we first heard of this egregious breach of privacy in May of 2018, when multiple reports showed that every major carrier (including TechCrunch’s parent company Verizon) was selling precise location data wholesale to resellers who then either resold it or gave it away. It took nearly a year for the carriers to follow through on their promises to stop the practice. And now, 18 months later, we get the first real indication that regulators took notice.
“It’s a shame that it took so long for the FCC to reach a conclusion that was so obvious,” said Commissioner Jessica Rosenworcel in a statement issued alongside the chairman’s letter. She has repeatedly brought up the issue in the interim, seemingly baffled that such a large-scale and obvious violation was going almost completely unacknowledged by the agency.
Commissioner Brendan Starks echoed her sentiment in his own statement: “These pay-to-track schemes violated consumers’ privacy rights and endangered their safety. I’m glad we may finally act on these egregious allegations. My question is: what took so long?”
Chairman Pai’s letter explains that “in the coming days” he will be proposing a “Notice of Apparent Liability for Forfeiture,” for several of them. This complicated-sounding document is basically the official declaration, with evidence and legal standing, that someone has violated FCC rules and may be subject to a “forfeiture,” essentially a fine.
Right now that is all the information anyone has, including the other commissioners, but the arrival of the notice will no doubt make things much clearer — and may help show exactly how seriously the agency took this problem and when it began to take action.
Representative Pallone issued the following statement after receiving the letter:
Following our longstanding calls to take action, the FCC finally informed the Committee today that one or more wireless carriers apparently violated federal privacy protections by turning a blind eye to the widespread disclosure of consumers’ real-time location data. This is certainly a step in the right direction, but I’ll be watching to make sure the FCC doesn’t just let these lawbreakers off the hook with a slap on the wrist.
Disclosure: TechCrunch is owned by Verizon Media, a subsidiary of Verizon Wireless, but this has no effect on our coverage.
Powered by WPeMatico