Abortion bans heighten scrutiny of Google and its user data

Placeholder while loading article actions

Hello and happy Tuesday! Hope you had a safe and relaxing long weekend. As always, you can send me tips and feedback: [email protected]

Below: A hacker claims to offer billions of Chinese citizen records, and a bug bounty company admits it had an insider threat.

Law enforcement agencies often turn to Google for help

Google said it would start automatically deleting location data when users visit abortion clinics and other highly sensitive places.

The announcement, which came last Friday, underscores a deeper problem for privacy advocates: The search engine giant and other tech companies are still accumulating tons of data about their users that could be used in lawsuits for illegal abortions. Some abortion rights advocates worry that states will allow patients themselves to be sued, though state bans so far only target abortion providers.

Indeed, Google is an attractive target for law enforcement. The company received more than 40,000 search warrants and subpoenas in the United States in the first half of last year, according to data posted on its website.

Law enforcement officials have used the requests creatively:

  • In 2019, Google provided Wisconsin investigators with data on people who had searched for a sexual abuse victim on its site, Forbes’ Thomas Brewster reports. Lawyers and privacy advocates are challenging the constitutionality of a similar mandate in Colorado, Brewster reports.
  • The FBI used “geofence” warrants to map phones inside the Capitol on January 6, 2021.

And, prosecutors have used web searches and historical records to prosecute women in Indiana and Mississippi over the past decade, my colleagues Cat Zakrzewski, Pranshu Verma and Claire Parker reported this weekend.

Google has “long been focused on minimizing the data we use to make our products useful and creating tools for users to control and delete data on our platforms,” ​​the carrier said. word. Matt Bryant said The Post’s Geoffrey A. Fowler in an email.

Yet Google’s announcement about automatically deleting abortion-related location data “does not specifically say how the company will respond to abortion-related requests,” writes my colleague Gerrit De Vynck. And Google’s settings force the user to limit the company’s data collection, and few users are likely to end up enabling those settings, Geoffrey claims.

Google and what it does with personal data are under intense scrutiny as states begin to restrict access to abortions now the Supreme Court has overturned Roe vs. Wadethe 1973 judgment granting women the right to abortion.

“The way tens of millions of Americans use Google products every day has suddenly become dangerous,” Geoffrey writes. “Following the decision of the Supreme Court to annul the monument Roe vs. Wade decision, everything Google knows about you could be acquired by the police in states where abortion is now illegal. A search for “Plan B”, a Google Maps ping to an abortion clinic, or even a message you send about a pregnancy test could all become criminal evidence.

The danger of data collection looks different as a result of Roe vs. Wadeoverturns, says Shoshana Zuboffprofessor emeritus at Harvard Business School who popularized the description of Google’s activities as “surveillance capitalism” and who supports abortion rights.

“Every device becomes our potential enemy,” she told Geoffrey.

“The stark reality is that while we now fear that women seeking abortions will be targeted, the same device could be used to target any group or subset of our population – or our entire population – at any time, for any reason who he chooses,” she said. “No one is immune to this.”

Geoffrey’s simple suggestion: Collect less data. That would put it more in line with what privacy-focused rival DuckDuckGo is doing, but would also be a big change for Google, which earns advertising revenue in part through collecting user data.

Google could change its settings to automatically delete user searches and other data after a week or less, give users who use its Incognito mode the option to be anonymous online and secure chats on its platforms, suggests Geoffrey.

But any solution narrowly tailored to abortion risks leaving potentially incriminating adjacent data to be gained. Even requests “apparently unrelated to abortion can still be used against people seeking care or those assisting them”, Matt Caglesenior counsel for the ACLU of Northern California, Geoffrey told.

Hacker Claims to Offer Billions of Chinese Police Files for Sale

The hacker claims the treasure contains data on one billion Chinese citizens and contains sensitive information like incident summaries spanning two decades, the wall street journalreport by Karen Hao and Rachel Liang.

It would amount to one of the biggest personal data leaks on record if true. Five people whose information was in the leak told the Wall Street Journal that the data on them was correct. Some phone numbers in the leak were no longer in use, however

  • A man who said he was scammed sighed when the Journal told him his records had been exposed. “We’re all running around naked,” he said, using a Chinese expression to describe having no privacy.

The hacker claims the recordings come from police in Shanghai, which is the most populous city in China. They said they targeted Alibaba’s cloud subsidiary, Aliyun, which they said hosted the database. The hacker offers the data for 10 bitcoins (about $200,000). Some experts told the Journal that asking for such a large sum of money could hint at the possibility that the hacker was exaggerating or lying about the leak.

Alibaba said it was investigating the incident, The Wall Street Journal reports. Shanghai police and China’s internet regulator did not respond to the outlet’s request for comment.

Some of TikTok’s Chinese employees can access user data, company tells GOP senators

CEO of TikTok Shou Zi Chew told nine Republican senators that Chinese employees of ByteDance, TikTok’s parent company, access data about US TikTok users when passing internal security checks, Bloombergreports Alex Barinka. TikTok has long come under scrutiny for its data security practices. Chinese TikTok engineers can access US user data, BuzzFeed News reported last month.

“We know that we are among the most scrutinized platforms from a security perspective, and we aim to remove any doubts about the security of US user data,” TikTok told BuzzFeed News at the time. “That’s why we engage experts in their fields, continually work to validate our security standards, and engage independent, reputable third parties to test our defenses.”

Last month, TikTok said it would move its US user data to Oracle’s cloud infrastructure, CNN reported. FCC Commissioner Brendan Carr, a Republican, said that didn’t address his concerns and he called on Apple and Google to remove TikTok from their app stores last month. TikTok executive Michael Beckerman said on CNN this weekend that he had “contacted Commissioner Carr and his office and offered to come in and brief him”, hoping he could “set the record straight with him”.

Employee stole vulnerabilities reported by researchers, company says

Malicious HackerOne employee contacted seven companies to report vulnerabilities they saw while working at HackerOne, a platform that allows researchers to report software vulnerabilities and earn bug bounties, beeping computerreports Ionut Ilascu. The employee received bonuses from at least some of the companies to which he reported the stolen bugs.

HackerOne says it fired the employee. “Subject to a review with counsel, we will decide whether a criminal referral of this matter is appropriate,” he said. “We are continuing forensic analysis of the logs produced and devices used by the former employee.”

How mercenary hackers are influencing court battles (Reuters)

Russian hackers reportedly target Ukraine’s largest private energy company (CNN)

Julian Assange appeals in UK court against extradition to US (Associated Press)

Iranians’ remote access to banking services cut following cyberattacks (IranWire)

British politicians are sounding the alarm over Chinese CCTV providers (Financial Times)

Chinese hackers continued to hire despite FBI indictment (Financial Times)

British Army Twitter and YouTube accounts hacked to promote cryptocurrency scams (CNBC)

DOJ sets new targets to respond to ransomware attacks (The Record)

Key cyber agency expected to get procurement authority, contracting officers (Federal News Network)

UK to force internet companies to curb foreign ‘disinformation’ (Bloomberg)

Growing threats spark a rush for cyberworkers in the US (The Hill)

  • The United Nations Institute for Disarmament Research is hosting a conference today on Cyber ​​Stability and Critical Infrastructure Protection.
  • Collar. Candice E. Frostthe commander of the US Cyber ​​Command’s Joint Intelligence Operations Center, speaks at a NightDragon event Thursday at 4:30 p.m.

Thanks for reading. Until tomorrow.

About Geraldine Higgins

Check Also

With over 900 courses to choose from, there’s something for everyone

Want to learn how to run your own business, take photos professionally, speak a new …