Data Digest № 013
Welcome back to the 13th edition of the Data Digest, where I (try to) sum up the week in the space of data. This week starts with a shameless promotion of our Web 3 release, and then dives right into the good stuff of re-identifying anonymized data, Russian spy apps, trust busters, FTC fines, and more. Enjoy!
Your Key to Web 3
I’m proud to announce that we just released the Web 3 version of Datawallet. It’s a pretty cool piece of tech. With completely encrypted data sourcing, storing, plus a personal API, where you can manage your data and permission it for applications to run locally on your own device, without anyone but the user managing and touching the data. While this is still an early Beta version, this truly is the future of the internet — 0 data emissions.
Anonymized Data Won’t Protect You
Scientists from Imperial College London have uncovered that they can identify 99.8% of Americans from almost any available data set with as few as 15 attributes. Even though data de-identification is in part a government mandated requirement and part best practice, many commonly used anonymization techniques originated in the 1990s, before the Internet’s rapid development made it possible to collect enormous amounts of data. This discrepancy, as well as the increase in computing power, makes it comparatively easy to re-identify individuals from these data sets, as shown by this paper.
The fact that only 15 attributes are required for such re-identification becomes shocking when you consider that in 2017 a marketing analytics company was scrutinized for accidentally publishing an anonymized data set that contained 248 attributes for each of 123 million American households.Yves-Alexandre de Montjoye, the lead author of the paper, commented in the NYT that “There are mountains of anonymized data circulating worldwide, all of it at risk…We are at a point where we know a risk exists and count on people saying they don’t care about privacy. It’s insane.”
“Anonymous” Data Won’t Protect Your Identity
Russian surveillance-ware has infiltrated phones with fake apps disguised as legitimate software from Google, Pornhub, Skype and others. The disguise, dubbed Monokle, was allegedly developed by the Special Technology Center (STC) in St. Petersburg with ties to the Main Intelligence Directorate (GRU), according to a report from security firm Lookout. Utilizing pretty much every trick in the book, the spyware can snatch account passwords, record and eavesdrop on conversations and phone calls, take photos and videos, download files, keylog interactions, delete arbitrary files, retrieve contacts, and even filter messages from apps like WhatsApp, Instagram, Skype, and other messengers.
Russians peddled spyware disguised as legit Google and Pornhub apps
David and Goliath
On Tuesday the Justice Department said it would begin the painstaking task of an antitrust review into how internet giants had accumulated market power, and how to lend a helping hand to the dying competition. The F.T.C., who share responsibility with the Justice Department are arranging similar inquiries. These kind of processes are an important step towards developing a new federal privacy framework which is desperately needed to change the current data ecosystem and lay the legal foundation to place consumers in charge of their own data.
Justice Department Opens Antitrust Review of Big Tech Companies (Published 2019)
Fines Fines Fines
A year long FTC investigation of the 2017 Equifax breach that exposed over 147 million people’s personal information, including names, birth dates, addresses, and social security numbers has concluded and fines levied on the firm could rise up to $700 million, depending on the amount victims claim. The company agreed to provide free credit monitoring services for up to 10 years as well as compensation of up to $20,000 per person, with a minimum of $125. An interesting number considering it determines the “value of data” assigning a remediation cost to each data record, including consumer notification, legal fees and more. Avoiding these fines is becoming commonplace in the industry. With our Web 3 release, we hope to show that there is a future in which these types of hacks are not just redundant, but practically impossible. As shown by the Equifax hack, getting there as soon as possible is extremely urgent.
If you were subject to the Equifax hack, you can use this website to file a claim:
Equifax Data Breach Settlement | Am I Affected?
Equifax agrees to settlement of up to $700 million over 2017 data breach
Unauthorized Chats On Messenger Kids
A bug on Facebook Messenger Kids led children to talk to strangers online. The unique permissions applied in group chats meant whoever launched the group could invite any user who was authorized to chat with them, even if that user wasn’t authorized to chat with the other children in the group. As a result, thousands of children were left in chats with unauthorized users. A huge violation of the core promise of Facebook Messenger Kids, the bug left parents feeling terrified and helpless about who their children are talking to online.
Facebook design flaw let thousands of kids join chats with unauthorized users
Facebook Left Untouched
In the aftermath of the F.T.C. settlement with Facebook, negotiations seem to have lapsed. Chairman Simons, who has been rallying for a new law for months stated on the matter,
“Our authority in these types of cases is quite limited, which is why we have encouraged Congress to consider federal privacy legislation,” Simons said. “But for now, the only real-world choice here was to take a historic settlement that provides immediate and important protection to American consumers, or wait for years to get far less relief. Not really much of a choice at all,”
While investors celebrate, rattled democrats are calling the fines a ‘joke’ and a mere ‘slap on the wrist’. Which is true. The fines barely dented the companies stock price.
What I'm Reading:
Facebook code allowed partners 'continued data access' despite shutdown | Engadget
Calls Mount to Ease Big Tech’s Grip on Your Data (Published 2019)
In Hong Kong Protests, Faces Become Weapons (Published 2019)
That’s it for this week. See you next Friday!
SerafinData Digest Consumer PrivacyDatawallet Data Misuse Data Breaches Industry Trends