Data Digest № 013

Data Digest ¦ July 25th, 2019, 11:00 pm

Welcome back to the 13th edition of the Data Digest, where I (try to) sum up the week in the space of data. This week starts with a shameless promotion of our Web 3 release, and then dives right into the good stuff of re-identifying anonymized data, Russian spy apps, trust busters, FTC fines, and more. Enjoy!

Your Key to Web 3

I’m proud to announce that we just released the Web 3 version of Datawallet. It’s a pretty cool piece of tech. It offers completely encrypted data sourcing and storage, plus a personal API where you can manage your data and permission it for applications that run locally on your own device, with no one but the user managing or touching the data. While this is still an early Beta version, this truly is the future of the internet: 0 data emissions.

Anonymized Data Won’t Protect You

Scientists from Imperial College London have found that they can identify 99.8% of Americans from almost any available data set with as few as 15 attributes. Even though data de-identification is in part a government-mandated requirement and in part best practice, many commonly used anonymization techniques originated in the 1990s, before the Internet’s rapid development made it possible to collect enormous amounts of data. This discrepancy, as well as the increase in computing power, makes it comparatively easy to re-identify individuals from these data sets, as shown by this paper.

The fact that only 15 attributes are required for such re-identification becomes shocking when you consider that in 2017 a marketing analytics company was scrutinized for accidentally publishing an anonymized data set that contained 248 attributes for each of 123 million American households. Yves-Alexandre de Montjoye, the lead author of the paper, commented in the NYT that “There are mountains of anonymized data circulating worldwide, all of it at risk…We are at a point where we know a risk exists and count on people saying they don’t care about privacy. It’s insane.”

“Anonymous” Data Won’t Protect Your Identity

A new study demonstrates it is surprisingly easy to ID an individual within a supposedly incognito data set

Russian Spyware

Russian surveillance-ware has infiltrated phones with fake apps disguised as legitimate software from Google, Pornhub, Skype and others. The spyware, dubbed Monokle, was allegedly developed by the Special Technology Center (STC) in St. Petersburg, which has ties to the Main Intelligence Directorate (GRU), according to a report from security firm Lookout. Utilizing pretty much every trick in the book, the spyware can snatch account passwords, record and eavesdrop on conversations and phone calls, take photos and videos, download files, keylog interactions, delete arbitrary files, retrieve contacts, and even filter messages from apps like WhatsApp, Instagram, Skype, and other messengers.

Russians peddled spyware disguised as legit Google and Pornhub apps

Researchers say a Russian software firm fined by Obama for meddling in the 2016 US elections is making spyware disguised as legit Google and Pornhub apps.

David and Goliath

On Tuesday, the Justice Department said it would begin the painstaking task of an antitrust review into how internet giants had accumulated market power, and how to lend a helping hand to the dying competition. The F.T.C., which shares responsibility with the Justice Department, is arranging similar inquiries. These kinds of processes are an important step towards developing a new federal privacy framework, which is desperately needed to change the current data ecosystem and lay the legal foundation to place consumers in charge of their own data.

Justice Department Opens Antitrust Review of Big Tech Companies (Published 2019)

The agency said it would look into concerns about anticompetitive behavior by some of the industry’s biggest companies.

Fines Fines Fines

A year-long FTC investigation of the 2017 Equifax breach, which exposed over 147 million people’s personal information, including names, birth dates, addresses, and social security numbers, has concluded, and fines levied on the firm could rise up to $700 million, depending on the amount victims claim. The company agreed to provide free credit monitoring services for up to 10 years as well as compensation of up to $20,000 per person, with a minimum of $125. That is an interesting number, considering it determines the “value of data” by assigning a remediation cost to each data record, including consumer notification, legal fees and more. Avoiding these fines is becoming commonplace in the industry. With our Web 3 release, we hope to show that there is a future in which these types of hacks are not just redundant, but practically impossible. As shown by the Equifax hack, getting there as soon as possible is extremely urgent.

If you were subject to the Equifax hack, you can use this website to file a claim:

Equifax Data Breach Settlement | Am I Affected?

Your personal information may have been impacted by this breach. Find out here if you are affected. If so, then file a claim for benefits.

Equifax agrees to settlement of up to $700 million over 2017 data breach

It will have to pay as much as $20,000 per person

Unauthorized Chats On Messenger Kids

A bug on Facebook Messenger Kids led children to talk to strangers online. The unique permissions applied in group chats meant whoever launched the group could invite any user who was authorized to chat with them, even if that user wasn’t authorized to chat with the other children in the group. As a result, thousands of children were left in chats with unauthorized users. A huge violation of the core promise of Facebook Messenger Kids, the bug left parents feeling terrified and helpless about who their children are talking to online.

Facebook design flaw let thousands of kids join chats with unauthorized users

"We recently notified some parents... about a technical error," Facebook said
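The permission flaw described above can be modelled in a few lines. This is an added example, not Facebook's code: the account names, the `APPROVED_PAIRS` table and all function names are hypothetical, and the data is constructed. It puts the owner-only invite check beside a pairwise check, plus an audit that finds chats already containing unapproved pairs.

```python
from itertools import combinations

# Constructed sample data: parent-approved contact pairs (hypothetical accounts).
APPROVED_PAIRS = {
    frozenset({"kid_a", "kid_b"}),
    frozenset({"kid_a", "contact_x"}),  # approved for kid_a only
}

def approved(a, b):
    """True if the two accounts are approved to chat one-on-one."""
    return frozenset({a, b}) in APPROVED_PAIRS

def can_invite_owner_only(group, invitee):
    """Flawed rule from the description: only the group's creator is checked."""
    return approved(group["owner"], invitee)

def can_invite_pairwise(group, invitee):
    """Hardened rule: the invitee must be approved for every current member."""
    return all(approved(invitee, member) for member in group["members"])

def unauthorized_pairs(group):
    """Audit: list member pairs in an existing chat that lack approval."""
    return sorted(
        tuple(sorted(pair))
        for pair in combinations(group["members"], 2)
        if not approved(*pair)
    )

def demo():
    group = {"owner": "kid_a", "members": {"kid_a", "kid_b"}}
    flawed = can_invite_owner_only(group, "contact_x")
    fixed = can_invite_pairwise(group, "contact_x")
    # Simulate the flawed rule having admitted the contact, then audit the chat.
    exposed = {"owner": "kid_a", "members": group["members"] | {"contact_x"}}
    return flawed, fixed, unauthorized_pairs(exposed)

if __name__ == "__main__":
    print(demo())
```

The audit function is the part that matters after the fact: running it over existing group chats identifies which ones need to be closed and which parents need to be notified.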

Facebook Left Untouched

In the aftermath of the F.T.C. settlement with Facebook, negotiations seem to have lapsed. Chairman Simons, who has been rallying for a new law for months, stated on the matter:

“Our authority in these types of cases is quite limited, which is why we have encouraged Congress to consider federal privacy legislation,” Simons said. “But for now, the only real-world choice here was to take a historic settlement that provides immediate and important protection to American consumers, or wait for years to get far less relief. Not really much of a choice at all,”

While investors celebrate, rattled Democrats are calling the fines a ‘joke’ and a mere ‘slap on the wrist’, which is true. The fines barely dented the company’s stock price.

Why wasn’t the FTC harder on Facebook?

We need a federal privacy law

What I'm Reading:

Facebook code allowed partners 'continued data access' despite shutdown | Engadget

Facebook is embroiled in yet another data privacy debacle even as it's settling with the government over past actions. In a statement acknowledging its FTC settlement, the company revealed that its code had allowed "continued data access" to 12 partners even after it had wound down integrations in late 2018. It only discovered this after an unnamed party warned it about a bug and prompted an investigation. Moreover, Microsoft and Sony still had access to "limited types" of friend data for previously known features, such as Facebook access on the PS3 and PS Vita as well as syncing friends' contact info with another service.

Calls Mount to Ease Big Tech’s Grip on Your Data (Published 2019)

The wealth of some tech giants is built on harvesting and commercializing personal data. Advocates for a new deal on data are gaining momentum.

In Hong Kong Protests, Faces Become Weapons (Published 2019)

A quest to identify protesters and police officers has people in both groups desperate to protect their anonymity. Some fear a turn toward China-style surveillance.

That’s it for this week. See you next Friday!


