Digital rights activist Esra’a Al Shafei found FinFisher spyware on her device more than a decade ago. Now she’s made it her mission to surveil the companies providing surveillanceware, their customers, and their funders.

“You cannot resist what you do not know, and the more you know, the better you can protect yourself and resist against the normalization of mass surveillance today,” she told The Register.

To this end, the Mozilla fellow founded Surveillance Watch last year. It’s an interactive map that documents the growing number of surveillance software providers, which regions use the various products, and the investors funding them. Since its launch, the project has grown from mapping connections between 220 spyware and surveillance entities to 695 today.

These include the very well known spy tech like NSO Group’s Pegasus and Cytrox’s Predator, both famously used to monitor politicians, journalists and activists in the US, UK, and around the world.

They also include companies with US and UK government contracts, like Palantir, which recently inked a $10 billion deal with the US Army and pledged a £1.5 billion ($2 billion) investment in the UK after winning a new Ministry of Defense contract. Then there’s Paragon, an Israeli company with a $2 million Immigration and Customs Enforcement (ICE) contract for its Graphite spyware, which lets law enforcement hack smartphones to access content from encrypted messaging apps once the device is compromised.

Even LexisNexis made the list. “People think of LexisNexis and academia,” Al Shafei said. “They don’t immediately draw the connection to their product called Accurint, which collects data from both public and non-public sources and offers them for sale, primarily to government agencies and law enforcement.”

Accurint compiles information from government databases, utility bills, phone records, license plate tracking, and other sources, and it also integrates analytics tools to create detailed location mapping and pattern recognition.

“And they’re also an ICE contractor, so that’s another company that you wouldn’t typically associate with surveillance, but they are one of the biggest surveillance agencies out there,” Al Shafei said.

It also tracks funders. Paragon’s spyware is boosted by AE Industrial Partners, a Florida-based investment group specializing in “national security” portfolios. Other major backers of surveillance technologies include CIA-affiliated VC firm In-Q-Tel, Andreessen Horowitz (also known as a16z), and mega investment firm BlackRock.

This illustrates another trend: It’s not just authoritarian countries using and investing in these snooping tools. In fact, America now leads the world in surveillance investment, with the Atlantic Council think tank identifying 20 new US investors in the past year.

[…]

They know who you are’

The Surveillance Watch homepage announces: “They know who you are. It’s time to uncover who they are.”

It’s creepy and accurate, and portrays all of the feelings that Al Shafei has around her spyware encounters. Her Majal team has “faced persistent targeting by sophisticated spyware technologies, firsthand, for a very long time, and this direct exposure to surveillance threats really led us to launch Surveillance Watch,” she said. “We think it’s very important for people to understand exactly how they’re being surveilled, regardless of the why.”

The reality is, everybody – not just activists and politicians – is subject to surveillance, whether it’s from smart-city technologies, Ring doorbell cameras, or connected cars. Users will always choose simplicity over security, and the same can be said for data privacy.

“We want to show that when surveillance goes not just unnoticed, but when we start normalizing it in our everyday habits, we look at a new, shiny AI tool, and we say, ‘Yes, of course, take access to all my data,'” Al Shafei said. “There’s a convenience that comes with using all of these apps, tracking all these transactions, and people don’t realize that this data can and does get weaponized against you, and not just against you, but also your loved ones.”

Source: Mozilla fellow Esra’a Al Shafei watches the watchers • The Register

Privacy activists say proposed changes to Europe’s landmark privacy law, including making it easier for Big Tech to harvest Europeans’ personal data for AI training, would flout EU case law and gut the legislation.

The changes proposed by the European Commission are part of a drive to simplify a slew of laws adopted in recent years on technology, environmental and financial issues which have in turn faced pushback from companies and the U.S. government.

Sign up here.

EU antitrust chief Henna Virkkunen will present the Digital Omnibus, in effect proposals to cut red tape and overlapping legislation such as the General Data Protection Regulation, the Artificial Intelligence Act, the e-Privacy Directive and the Data Act, on November 19.

According to the plans, Google (GOOGL.O)

, opens new tab, Meta Platforms (META.O)

, opens new tab, OpenAI and other tech companies may be allowed to use Europeans’ personal data to train their AI models based on legitimate interest.

In addition, companies may be exempted from the ban on processing special categories of personal data “in order not to disproportionately hinder the development and operation of AI and taking into account the capabilities of the controller to identify and remove special categories of personal data”.

“The draft Digital Omnibus proposes countless changes to many different articles of the GDPR. In combination this amounts to a death by a thousand cuts,” Austrian privacy group noyb said in a statement.

Noyb is known for filing complaints against American companies such as Apple (AAPL.O)

, opens new tab, Alphabet and Meta that have triggered several investigations and resulted in billions of dollars in fines.

“This would be a massive downgrading of Europeans’ privacy 10 years after the GDPR was adopted,” noyb’s Max Schrems said.

European Digital Rights, an association of civil and human rights organisations across Europe, slammed a proposal to merge the ePrivacy Directive, known as the cookie law that resulted in the proliferation of cookie consent pop-ups, into the GDPR.

“These proposals would change how the EU protects what happens inside your phone, computer and connected devices,” EDRi policy advisor Itxaso Dominguez de Olazabal wrote in a LinkedIn post.

“That means access to your device could rely on legitimate interest or broad exemptions like security, fraud detection or audience measurement,” she said.

The proposals would need to be thrashed out with EU countries and European Parliament in the coming months before they can be implemented.

Source: Critics call proposed changes to landmark EU privacy law ‘death by a thousand cuts’ | Reuters

Anyone can claim anything as being “legitimate interest”. It is what terms and conditions have been using for decades to pass any and all data on to third parties. At least the GDPR kind of stood in the way from it going to countries like the USA and China.

If you’re filing an immigration form – or helping someone who is – the Feds may soon want to look in your eyes, swab your cheek, and scan your face. The US Department of Homeland Security wants to greatly expand biometric data collection for immigration applications, covering immigrants and even some US citizens tied to those cases.

DHS, through its component agency US Citizenship and Immigration Services, on Monday proposed a sweeping expansion of the agency’s collection of biometric data. While ostensibly about verifying identities and preventing fraud in immigration benefit applications, the proposed rule goes much further than simply ensuring applicants are who they claim to be.

First off, the rule proposes expanding when DHS can collect biometric data from immigration benefit applicants, as “submission of biometrics is currently only mandatory for certain benefit requests and enforcement actions.” DHS wants to change that, including by requiring practically everyone an immigrant is associated with to submit their biometric data.

“DHS proposes in this rule that any applicant, petitioner, sponsor, supporter, derivative, dependent, beneficiary, or individual filing or associated with a benefit request or other request or collection of information, including U.S. citizens, U.S. nationals and lawful permanent residents, and without regard to age, must submit biometrics unless DHS otherwise exempts the requirement,” the rule proposal said.

DHS also wants to require the collection of biometric data from “any alien apprehended, arrested or encountered by DHS.”

It’s not explicitly stated in the rule proposal why US citizens associated with immigrants who are applying for benefits would have to have their biometric data collected. DHS didn’t answer questions to that end, though the rule stated that US citizens would also be required to submit biometric data “when they submit a family-based visa petition.”

Give me your voice, your eye print, your DNA samples

In addition to expanded collection, the proposed rule also changes the definition of what DHS considers to be valid biometric data.

“Government agencies have grouped together identifying features and actions, such as fingerprints, photographs, and signatures under the broad term, biometrics,” the proposal states. “DHS proposes to define the term ‘biometrics’ to mean ‘measurable biological (anatomical, physiological or molecular structure) or behavioral characteristics of an individual,'” thus giving DHS broad leeway to begin collecting new types of biometric data as new technologies are developed.

The proposal mentions several new biometric technologies DHS wants the option to use, including ocular imagery, voice prints and DNA, all on the table per the new rule.

[…]

Source: DHS wants more biometric data – even from citizens • The Register

This summer, Dutch music festivals will use RFID wristbands to collect visitor data. The technology has been around for a while, but the innovation lies in its application. The wristbands are anonymous by default, but users can activate them to participate in loyalty programs or unlock on-site experiences.Visitor privacy is paramount; overly invasive tracking is avoided.

This is according to Michael Guntenaar, Managing Director at Superstruct Digital Services, in the Emerce TV video ‘Data is the new headliner at dance festivals’. Superstruct is a network of approximately 80 large festivals (focused on experience and brand identity) spread across Europe and Australia. ID&T, known for events such as Sensation, Mysteryland, and Defqon.1, joined Superstruct in September 2021. Tula Daans, Data Analyst Brand Partnerships at ID&T, also joined on behalf of ID&T.

Festivals use various data sources, primarily ticket data (age, location, gender/gender identity), but also marketing data (social media), consumption data (food and drinks), and post-event surveys.

For brand partnerships, surveys are sent to visitors after the event to gauge whether they saw brands, what they thought of them, and thus gain insight into brand perception. Deliberately, no detailed feedback is requested during the festival to avoid disturbing the visitor experience, says Guntenaar.

The Netherlands is a global leader in data collection. Defqon.1 is mentioned as a breeding ground for experiments with data and technology, due to its technically advanced team and highly engaged target group.

[…]

In a second video, ‘Real-time mobility info in a complex data landscape’, Jorn de Vries, managing director at Flitsmeister, talks about mobility data and the challenges and opportunities within this market. The market for mobility data, which ranges from traffic flows to speed camera notifications, is busy with players like Garmin, Google, Waze, and TomTom.

Nevertheless, Flitsmeister still sees room for growth, because mobility is timeless and brings challenges, such as the desire to get from A to B quickly, efficiently, green, and cheaply. Innovation is essential to maintain a place in this market, says De Vries.

Flitsmeister has a large online community of almost 3 million monthly active users. This community has grown significantly over the years, even after introducing paid propositions. What distinguishes Flitsmeister from global players such as Google and Waze, according to De Vries, is their local embeddedness, with marketing and content that aligns with the language and use cases of users in the Benelux. They also collaborate with governments through partnerships, allowing them to offer specific local services, such as warnings for emergency services. Technically, competitors might be able to do this, says De Vries, but it probably isn’t a high priority because it’s local; Flitsmeister, however, believes that you have to dare to go all the way to properly serve a market, even if this requires investments that are only relevant for the Netherlands. Another example of local embeddedness is their presence on almost every radio station.

The Flitsmeister app now consists of eight main uses. In addition to the well-known speed cameras and track control, it includes warnings for emergency services (ambulance, fire brigade, Rijkswaterstaat vehicles) who are informed early when such a vehicle approaches with blue lights. The app also provides traffic jam information and warnings for incidents, stationary vehicles, and roadworks. Flitsmeister tries to give warnings for the start of traffic jams earlier than the flashing signs above the road, because they are not bound by the gantries where these signs are located.

Navigation is an added feature. In addition, there is paid parking at the end of the journey. Flitsmeister also has links with so-called smart traffic lights, where they receive data about the status of the light and share data with the intersection to optimize it. This can, for example, lead to a green light if you approach an intersection at night and there is no other traffic. More than 1500 smart intersections in the Netherlands are already equipped. Flitsmeister also receives data from matrix signs, including red crosses, arrows, and adjusted maximum speeds.

Privacy is a crucial topic when bringing consumers and data together. Flitsmeister has seen privacy from the start as a Unique Selling Point (USP) if handled correctly. Especially in countries like Germany, this is more active than in the Benelux, and privacy-friendly companies have a plus in the eyes of the consumer. Large players such as Google and Waze have the same legal playing field as Flitsmeister, but differ in what they want, can, and do.

Flitsmeister does collect live GPS data that provides a lot of insight into traffic movements. They are working with Rijkswaterstaat and their parent company Bmobile on pilots, including on the A9, where they combine loop data in the asphalt with their real-time data. This provides a more accurate and cost-efficient picture than road loops alone, which are expensive to maintain and measure limitedly. This combination allows them to provide relevant information, even between the road loops, leading to more accurate and cost-efficient traffic information.

Flitsmeister also works with data that detects real-time situations and provides early advice. They are doing pilots with ‘trigger based rerouting’, where users are proactively rerouted if a reported incident on their route is likely to affect their travel time, even if the travel time has not yet changed at that moment. The challenge here is that people must be receptive to this and understand the rationale behind the rerouting.

Although there is a lot of talk about connected vehicle data, Flitsmeister’s focus is more on strengthening the relationship with the driver than with the vehicle itself. Jorn de Vries believes that the driver will ultimately lead, as the need for mobility comes from the individual and the vehicle facilitates this.

The video Data is the new headliner at dance festivals can be watched for free. The collection Customer data: trends, innovation and future will be supplemented in the coming months and can be viewed for free after registration.

Source: Kagi Translate |(Emerce TV): music festivals want to collect data with RFID wristbands