
Privacy and the Internet Research Repository

Public Policy programming at 91¿´Æ¬Íø for the 2022-23 academic year is focused on Privacy and the Internet, a topic that affects everyone of all ages.

Virtual banking, online shopping, electronic medical records, and social media are now woven into the fabric of our everyday experience. The ubiquitous nature of these technologies, however, has also enabled businesses and governments to access astonishing amounts of our personal information. We have chosen Privacy and the Internet to be our inaugural topic because digital technology has become a routine presence in our lives, while our understanding of the costs often lags behind our understanding of the experience.

Our programming includes both a fall lecture series, which is open for anyone to attend, and the Public Policy Analysis Challenge for our students in the spring. This webpage is a repository of several documents that speak to the importance of privacy and the internet. Interested students and community members are invited to use the repository to further explore various aspects of online privacy. The page is organized into several important topics, including Individual Privacy, Cybersecurity, Government Oversight, Legislation, Global Perspectives, Cybercrime, Surveillance, Biometrics, Big Tech, Health, Data Brokerage, Mobile Apps, The Internet of Things and Artificial Intelligence, Research Tools, Privacy Policies, and Court Cases. Click on the corresponding buttons on the right to see specific links on each sub-topic.

Individual Privacy

Data Privacy

Who should own your data? This question is examined through the example of smart tractors. Smart tractors collect data via GPS, which is then used to predict crop profitability. When farmers are faced with an incentive to sell GPS data, what are the consequences of doing so?

In our world, data belongs to those who collect it. This video by PHD Comics introduces concepts such as digital privacy, big data, and the internet of things.

Some employers rely on semi-automated tools, like monitoring software and behavioral analytics, to assess employees. The growth in private sector monitoring raises ethical questions.

The Federal Bureau of Investigation (FBI) performed potentially millions of searches of American electronic data last year without a warrant, raising concerns about government surveillance and privacy.

Venmo is a useful app for transferring money. Besides aiding the transfer of funds, Venmo has made the sending and receiving of money a social affair. What can hackers glean about a person from innocuous transaction data? It turns out Venmo data can be used to facilitate cyberattacks.

Data brokers claim to anonymize their data sets. While metadata is technically anonymous, de-anonymizing data is simple. This post highlights a tool which calculates how likely you are to be correctly identified in anonymous data sets.

Your identifying information, such as an email address, travels online in a hashed, non-personally identifiable manner. However, as this post explains, emails can easily be unhashed. Some companies charge as little as four cents to reverse hash an email address.

Crisis Text Line has control of the largest mental health data set in the world. Read to learn why ethics and privacy experts were concerned when Crisis Text Line shared data with a for-profit partner, Loris.ai.

Digital Privacy

We all should care about privacy. Privacy is not only pertinent for individuals who have actions to hide.

Big Tech companies are changing rules around online data collection, yet advertising remains at the center of the internet.

Explore this guide to make changes to protect yourself and your information online, and learn why you might want to make them.

In an interview with Washington state Chief Privacy Officer Katy Ruckle, the role of data privacy in providing government services is explored.

Explore the personal data Microsoft collects and how the company uses it in language that is easier to understand.

NFTs are unique, digital assets that represent real-world objects. However, today's NFT platforms lack fundamental security features. Read to learn why NFTs are deemed low privacy.

Personal Information

Explore the relationship between children’s rights, business and the internet in this series of discussion papers.

The Pew Research Center surveyed Americans on their opinion of mass data collection and internet anonymity. Survey results concluded that most Americans support great limits on data collection and most express low levels of confidence in corporate data protection.

A majority of Americans believe their online and offline activities are being tracked and monitored by companies and the government.

Personal data is a financial commodity and is often exploited by individual firms. The question of data ownership is a central concern. Explore the arguments surrounding private and collective data ownership.

Data brokers are sites that legally gather and sell your information. These sites use automated software to harvest information from tech companies, telecommunication providers, credit bureaus, tax records, court records, and other public sources. Personal data is then unified and sold at a listing price of $20.

As more and more personal information is being tracked online, data protection has become a growing concern. The state of Connecticut has created a data collection law, providing consumers with extended control over their digital privacy.

Online Tracking

Most web pages do not charge a monetary entrance fee. However, the website is not free: you pay with your privacy. This reading explores how online behaviors are tracked and how tracking persists, even when site operators disable such technologies.

Many privacy concerns can be traced back to cookies. While most companies use them responsibly, apprehension remains as cookies are not going away.

“Some cookies aren’t delicious; they track your personal data.” This resource examines website cookies, differentiates between valid and malicious types, and concludes by reviewing privacy protection tools.

Norfolk County Council used Sailpoint IdentityIQ to manage identities of individuals working within their organization. In addition, self-service password management was implemented for employees to manage their identities and passwords independently.

Privacy Solutions

Privacy is more than just avoiding targeted ads; the personal information tech companies gather can affect our lives in unprecedented ways. Read to explore tips and techniques that will limit the way products and services collect, share, and make money off your data.

Your usernames and passwords could be floating around the internet due to website data breaches. However, using a password manager can help protect your information, as it can create strong passwords, store login credentials, autofill login information, protect your data, and export credentials to switch password managers.

“Cookie banners” appear on most websites due to a regulation requiring webpages to post their data collection policies. In reality, cookies are widely ineffective and do little to protect privacy. This article explores how technology could make it easier for consumers to gain control of their data.

Meta is working to use privacy-enhancing technologies that incorporate personalization, while becoming less reliant on individual third party data.

Explore steps to increase your online security.

Apps on your smartphone capture a plethora of personal information. Your phone is packed with GPS, camera, and sensitive data such as your contacts and health status. This article provides a checklist that will help you limit the amount of data you inadvertently share with your mobile apps.

In response to privacy concerns, San Jose created its Digital Privacy Advisory Taskforce. However, a series of emails obtained by Motherboard allude to clashes between Silicon Valley’s technologists and privacy experts.

Firefox has implemented a cookie restriction feature, termed “Total Cookie Protection,” that protects against online tracking. Read to learn why blocking third party tracking is an immense privacy gain.

Data ownership is an idea often expressed about information privacy. This article argues that viewing data as a commodity restricts the free flow of information and induces the trading of privacy rights.

Cybersecurity 

Cyber Threats

Digital privacy legislation strives to license constituents a say in how their data is used and distributed. Learn how state and local government leaders respond in a survey about digital privacy.

The FBI highlights how to exercise caution on the internet. The brief informatic emphasizes a need to protect your systems, data, connections, and information.

Cryptojacking was once confined to browsers; however, cybercriminals have now turned their attention to lucrative industrial networks. Learn how cryptojacking has become a threat to critical infrastructure.

Privacy concerns impact one's personal life and have entered the mainstream. Explore six trending threats that brought digital protection and privacy into the public eye.

If you are an iPhone user, you may not be secure against malicious Pegasus installation. Pegasus spyware can collect emails, call records, sound recordings, and browsing histories. If you believe Apple products keep you safe from spyware, think again!

Ransomware is a form of malware that prevents users from accessing their systems, files, and data. Individual, business, or organization data is then held hostage until a ransom is paid ($600 - $700,000).

Starting in 2014, mobile ransomware attacks have been reported on a large scale. Mobile ransomware locks a device and demands a ransom for device and data restoration.

Mobile spyware is a hidden malware that steals information, records audio, takes pictures, and tracks device location. Read to learn about spyware’s infection method and device remediation.

Cyber Vulnerabilities

IT cybersecurity professionals feel the hybrid-work arrangement leaves their organizations more compromised and exposed to security threats.

A surge in identity theft during the pandemic highlights how easily hackers can obtain people’s private data.

Learn about the most recent security vulnerabilities that impact Microsoft Windows, VMware, Cisco, and F5.

Cars have been hacked before; however, a German teenager became the first to hack a vehicle through an app. A 19-year-old found a vulnerability in an app installed on some Teslas and was able to access the remote control of 35 vehicles.

Cyber Security Standards

The federal government has yet to pass a comprehensive cyber security law. To compensate, earlier internet regulations have expanded to include cyber security clauses. This article overviews federal, state, and international regulations as they relate to cyber security.

Cybersecurity standards are collections of best practices, designed to help improve the cybersecurity posture of any organization. This page details the common cybersecurity compliance archetypes.

Cryptography is used to secure communications, protect information in transmission, and codify stored data. The National Institute of Standards and Technology (NIST) has released standards pertaining to data encryption, advanced encryption, and public-key cryptography.

What are the insurance implications for companies who are at risk of cyber attack? The NotPetya malware attack caused $10 billion of damage globally, yet cyber insurance companies denied reparations. Read to explore the legality behind cybersecurity policy.

The Infrastructure Asset Pre-Approval program (IA-Pre) was developed to combat the security risks which could impact a Department of Defense mission. This post explores the IA-Pre program and emphasizes the importance of cybersecurity in the space domain.

Cyber Law

Congress approved a federal law requiring companies to report cyberattacks to federal authorities. The aim of the law is to create a space where the government can work cohesively with private sector companies to address cyber incidents.

Cyber law provides legal protections to anyone using the internet or internet related technologies. Key components of cyber law are cybercrime, cybersecurity, intellectual property, and risk mitigation. Read to learn about these components and the recent trends in cyber law.

In 2021, hackers initiated a ransomware attack on the Colonial Pipeline. The attack drove up U.S. gasoline prices and infiltration ceased only after Colonial agreed to pay the hackers $5 million in compensation.

On May 11, 2022, the U.S. House Committee on Science, Space, and Technology convened to discuss improving open software cybersecurity. The government could play an active role in cybersecurity by encouraging a security focus.

The FBI does not support paying the ransom in the aftermath of a ransomware attack. Read to learn why paying the ransom is not supported.

Security Solutions

Listen to a webcast that explores privacy implications and ways to protect your identity online.

Traditionally, stakeholders using a company network would follow a “trust, but verify” access approach. As cyberattacks continue to grow in volume, IT infrastructures are shifting to a “Zero Trust” security framework.

Ngô Minh Hiếu, a hacker who was incarcerated in the U.S. for running an online store that sold the personal information of about 200 million Americans, now attempts to protect the world from the sorts of cybercriminals he once was.

The demand for cyber insurance has skyrocketed. This influx of demand has created issues for cyber policy holders, as protection has become more costly and less comprehensive.

A zero trust security approach is the current best digital security practice. However, in a zero trust system, absolute trust is placed in the verification method. Read to learn more about decentralizing trust.

Cybersecurity is the practice of protecting electronic data from unlawful use. This article breaks down cybersecurity into 5 subcategories and explains the practicality of each subtype.

View nine tips to foil hackers, ransomware, online trackers, data brokers, and other menaces.

Large organizations are embracing cloud computing as a foundation for their business strategies, often centered around digital transformation.

The 2021 Duo Trusted Access Report considers the future of hybrid work and suggests methods to secure devices and applications.

Frisco, Texas, has taken steps to modernize its IT security tools. Implementing Microsoft’s suite of integrated solutions has helped the city automate security tasks, facilitate threat detection, and build a secure enterprise.

Token, a company founded in 2014, has developed a wearable authentication ring. The smart ring offers a passwordless, biometric authentication solution.

Government Oversight

Digital Government

Taxpayers who want to access their IRS records online must submit copies of their driver’s license, social security card, and other documents to ID.me as proof of identity.

The National Cyber Investigative Joint Task Force (NCIJTF) was established to combat the evolving cyber landscape. Learn more about the multi-agency cyber center and its responsibilities.

Magnet Forensics, a tech firm, has made a $5 million deal with U.S. law enforcement. The tech provider plans to equip police with data extraction tools to aid investigative efforts and combat cyber attacks.

Modern identity systems are vast. They include our passwords, characteristics, and behaviors. Governments have been looking into implementing national identity systems to support administrative needs. Read to explore the motivations behind introducing ID systems.

Many government agencies still struggle with outdated legacy technology. This resource is a complete guide to improving government services with Microsoft cloud technology.

Data Collection

During the pandemic, a plethora of digital tools were introduced, each embedded with questionable data collection features. We accepted these controversial tools (e.g. tracking apps) under the guise of COVID-19. Watch to learn how the government used and abused its citizens' personal data.

The 4th Amendment protects individual privacy by requiring law enforcement to obtain a warrant before searching individual personal records. However, state, federal, and local law enforcement have been sidestepping the amendment by purchasing sensitive data from brokers.

Mobile apps routinely sell users’ location data to government agencies. In December 2020, the ACLU and NYCLU filed a lawsuit seeking records from the Department of Homeland Security about the practice of purchasing cell phone location data.

Our nation’s digital surveillance is increasingly outsourced to private companies. These corporations aggregate, analyze, and deploy consumer data sets. Read to learn about the commercialized surveillance state and its privacy risks.

Measurement Systems, a Panamanian firm, wrote a data harvesting code that later infected many popular mobile apps. The intrusive code collected location data and personal identifiers.

This white paper explains how the government collects and utilizes your location data. Both the legal and the policy landscape of geolocation data privacy are explored.

The U.S. Postal Inspection Service (USPIS), a subsidiary of the U.S. Postal Service, is charged with law enforcement, crime prevention, and security. Recently, USPIS proposed a modification to its inspection filing system, seeking to aggregate more data from Postal Service customers. The Electronic Privacy Information Center (EPIC) has submitted comments to USPIS urging a reversal of the proposed data collection expansion.

According to Amazon’s transparency report, subpoenas and search warrants received from the government have increased. The data demanded by the government includes information collected from Echo, Kindle and Fire tablets, and inputs from Amazon’s home security devices.

Local Initiatives

Cities are looking to ensure privacy in surveillance technology procedures and in data handling logistics. Explore the workings of Oakland, California's privacy advisory commission.

Cyber security is a pressing concern for federal and state governments. More than 30 states have created a cyber task force or commission group to better address and understand cyber security threats.

Cyber attacks can disrupt a city's municipal stations, emergency call centers, and most other city services. Read to learn why cities are vulnerable to attack and how they can protect themselves from digital disruption.

The Digital Counties Survey provides the opportunity for local information technology organizations to highlight their past advancements and future goals. Read to learn which counties scored highest in the 2022 edition.

State databases, which hold a vast amount of personally identifiable data, have become an attractive target for cybercriminals. This tool explores the data security laws for each applicable state government.

Cybersecurity

The evolving cyber landscape has led the FBI to implement cyber solutions. Learn more about the FBI’s strategy and partnerships.

The U.S. Government Accountability Office (GAO) has expressed concern over the excess of national cybersecurity shortcomings. Read about four major cybersecurity challenges and the 10 associated critical action steps the GAO recommends.

Governance through identity-centric security can help governments protect data and applications. This article introduces identity-centric technology and its benefits.

The ransomware economy is growing: attacks have become more frequent and ransom payments have reached the billions. Alarmingly, the U.S. government lacks understanding of ransomware attacks.

There is no international legislation restricting spyware. Could this be a reason why discoveries of spyware on the devices of politicians have become increasingly common? Explore the tradeoff between privacy and digital infrastructure.

Local governments are seeking to improve cybersecurity procedures. Learn how states like New York and Tennessee have extended cyber services to local governments.

Texas CIO Amanda Crawford outlines a plan to implement multifactor authorization and endpoint protection software across the state government. 

Legislation

Privacy Law

Privacy law states that individuals should have control over information concerning themselves. Dr. Fred Kate outlines seven reasons why privacy consent should not be the focus of privacy law.

In this podcast episode, Alaska State Representative Zack Fields discusses the Alaska Consumer Data Privacy Act. The legislation seeks to protect customers and businesses who use data functionally, while targeting predatory data collection.

Maureen Mahoney of Consumer Reports joins Husch Blackwell’s David Stauss to discuss consumer data privacy. This episode focuses on data protection policy from California, Colorado, and Virginia legislation.

Listen in on a debate between the advocates and the critics of the General Data Protection Regulation. The GDPR is aimed at regulating the way companies handle customers’ personal data.

97% of Americans say they have been asked to agree to a company's privacy policy, yet relatively few report reading and understanding these policies. This report by the Pew Research Center explores the demographic differences in reading privacy policies and provides statistics encapsulating the American opinion of corporate data accountability.

Does the right to privacy exist? This article overviews the history of legal privacy, provides conceptual definitions of privacy, and critiques Roe v. Wade with respect to personal autonomy.

The American Data Privacy and Protection Act strives to be the first federal data privacy policy. Read to learn what the act proposes.

Lawmakers are crafting a comprehensive national privacy law. The law covers topics of data ownership and control, the right to consent and object, and data protection for children and minors. Read to explore the perspective of industry experts and their opinion on the bill's success.

Without changes to the Electronic Communications Privacy Act (ECPA), the police will continue to be able to access Americans' e-mail, or documents stored online that are more than six months old, without having to acquire a judge's permission, if the authorities promise it is "relevant" to a criminal investigation.

Due to an absence of federal privacy laws pertaining to data, the information collected is not regulated and there is no standardization for notifying users of data breaches. States determine their own privacy laws, allowing many companies to use, share, or sell data without notifying the individual it belongs to.

Cyber Law

The IT Act seeks to safeguard information and minimize vulnerabilities. This resource overviews the policy and introduces cyber law terminology.

On May 11, 2022, the U.S. House Committee on Science, Space, and Technology convened to discuss improving open software cybersecurity. The government could play an active role in cybersecurity by encouraging a security focus.

The Competition and Transparency in Digital Advertising Act, a bipartisan bill co-sponsored by Sens. Ted Cruz (R., Texas), Amy Klobuchar (D., Minn.) and Richard Blumenthal (D., Conn.), aims to prohibit companies processing more than $20 billion in digital ad transactions annually from participating in more than one part of the digital advertising ecosystem. If passed, the legislation would directly impact Google.

Congress approved a federal law requiring companies to report cyberattacks to federal authorities. The aim of the law is to create a space where the government can work cohesively with private sector companies to address cyber incidents.

Federal

Senator Amy Klobuchar (D-MN) is the co-sponsor of the American Innovation and Choice Online Act, which, if enacted, would ban dominant platforms from favoring their own products and services over those of their competitors. Another bill sponsored by Klobuchar waiting to receive final approval in the House would provide more funding for the Justice Department and Federal Trade Commission through larger merger filing fees. The hope of these bills, and other pending legislation, is to address the power of Big Tech so companies cannot give preference to their own products or copy the data of other companies.

Congress is considering revisions to Section 230 of the Communications Decency Act. Section 230 seeks to make the internet safer from hate speech, disinformation, criminal activity, and other harms.

Explore the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a federal law that protects sensitive patient health information from being disclosed without the patient’s consent or knowledge.

Critics of Sen. Amy Klobuchar’s antitrust legislation raise concerns that the bill could dramatically change consumer-favorite products, while supporters of the bill argue that the legislation targets self-preferencing practices by big tech. Despite the opposing views, the impact of the legislation and the consequences for consumers is uncertain.

Learn about what HIPAA does and doesn’t do.

Learn about the Fair Credit Reporting Act (FCRA).

Learn about a section from the Video Privacy Protection Act.

Explore the Family Educational Rights and Privacy Act (FERPA), a federal law enacted to protect the privacy of student education records.

Learn about the Gramm-Leach-Bliley Act, which requires financial institutions to explain their information sharing practices to their customers and to safeguard sensitive data.

Learn about a section of the Gramm-Leach-Bliley Act.

Explore the Electronic Communications Privacy Act of 1986 (ECPA), which protects wire, oral, and electronic communications.

Explore the USA PATRIOT Act, which arms law enforcement with new tools to detect and prevent terrorism.

A federal data privacy law is in the works. The legislation aims to place limits on how tech companies can collect and use user data. Additionally, the bill includes antidiscrimination protections and restricts the transfer of sensitive data.

Learn about the Electronic Communications Privacy Act of 1986 (ECPA), which protects wire, oral, and electronic communications.

Explore the Children's Online Privacy Protection Act (COPPA) of 1998.

Learn about the Children’s Online Privacy Protection Act (COPPA), which gives caregivers control over what information websites can collect from their kids.

Learn about the Federal Trade Commission Act.

Section 230 is a law that says users and social media providers are not liable for any information posted on media platforms. This video explains the bill and the key issues surrounding the legislation.

State

Learn about the California Consumer Privacy Act of 2018 (CCPA), which gives California consumers more control over the personal information that businesses collect and guidance on how to implement the law.

Biometric Information Privacy Act (BIPA) establishes biometric data standards, requires a notice and consent to data collection, and prohibits companies from selling biometric information.

Explore the California Privacy Rights Act of 2020 (CPRA).

The California Privacy Rights Act established a new agency, the California Privacy Protection Agency (CPPA) to implement and enforce the law.

Explore the Consumer Data Protection Act, which establishes a framework for controlling and processing personal data in the Commonwealth.

A Texas law allowing residents to sue social media companies for censoring their content was reinstated by a federal appeals court; however, many argue that the content moderation law is unconstitutional, raising First Amendment concerns.

The failure of Congress to pass federal privacy legislation has prompted the Connecticut Senate to pass a bill protecting consumer data. Senate Bill 6 would allow consumers to be notified by companies collecting data and to opt out of sales or sharing of that information.

Virginia may pass the Consumer Data Protection Act, which would grant consumers the right to determine whether their data is collected and processed and ask for a copy of their data, correct inaccuracies, ask for the deletion of personal data, and opt out of the processing of personal data that may be used for targeted advertising, sale, or consumer profiling.

Explore the Colorado Privacy Act (ColoPA).

Learn about the Colorado Privacy Act (ColoPA) and how it compares to California and Virginia legislation.

Explore the Kids Online Safety Act of 2022.

1.4 million Illinois residents received checks as compensation for a $650 million lawsuit against Facebook. Illinois lawyers were not pleased when the social media platform gathered biometric data without user consent.

Illinois has strict legislation governing the use of biometric identifiers. This article explores the Biometric Information Privacy Act of Illinois. The Act sets limits on the amount of data that can be collected, requires consumer consent, and encourages a private right of action.

Explore state laws related to digital privacy.

Explore state laws related to security breach notifications.

Ten states are currently considering data privacy legislation similar to California’s Consumer Privacy Act (CCPA).

States are taking action on privacy, taxes and content moderation quicker than Congress.

Big Tech is pushing to pass friendly, watered-down state privacy bills to avoid greater protections.

Companies must honor the Global Privacy Control (GPC), a browser-based data collection opt-out tool, under the California Consumer Privacy Act, according to California’s attorney general.

Global Perspectives

There are practically no legal provisions specific to biometric data protection. Instead, legal texts rely on provisions relating to personal data protection and privacy.

The Secure Equipment Act of 2021 removed approval for Huawei or ZTE equipment to be purchased for American network operations. The Federal Communications Commission backed the law, designating Huawei and ZTE as national security threats.

The European Union wants to regulate artificial intelligence through the EU AI Act. Listen in on a conversation with Mozilla Foundation's Executive Director Mark Surman, as he describes the key facts of the EU AI Act.

Explore legislation pertaining to data protection and privacy around the globe.

Learn about regions and countries that have implemented international privacy laws for data protection.

Global Issues and Perspectives

China

Security checkpoints, facial scanners, hand-held devices to search smartphones, and swiping ID cards and staring into a camera are just a few ways in which people are surveilled in Urumqi, China.

The Time’s investigation team analyzed government bidding documents, which call companies to bid on contracts to provide surveillance technology. Technologies include phone tracking devices, DNA databases, and facial recognition cameras. All of these systems are integral to China’s expanding surveillance state.

China suspended Ren Zeping’s Weibo account days after he wrote an article suggesting that the country spend $314 billion to boost its fertility rate.

Dozens of Chinese firms have built software that uses artificial intelligence (AI) to sort data collected on residents.

China’s technology industry minister has been engaged in a campaign tasked with regulating the online economy and tackling issues of data security.

China has been increasing internet censorship year by year. For starters, access to Google is largely blocked. Read to learn about China’s internet limitations and the recommended steps to improve your online capabilities.

In a software update, a Chinese company introduced a secret backdoor that collected personal data. Users of BLU Android devices had their phone number, location, and message data collected.

U.S. and China Relations

The United States Olympic & Paralympic Committee is encouraging Team USA to use disposable or “burner” phones instead of personal devices during the Beijing Winter Olympics due to surveillance and malicious software concerns. The Canadian Olympic Committee, British Olympic Association, and Dutch Olympic Committee/Dutch Sports Federation also informed their athletes of cybercrime threats and urged individuals to take precautions.

The Secure Equipment Act of 2021 removed approval for Huawei or ZTE equipment to be purchased for American network operations. The Federal Communications Commission backed the law, designating Huawei and ZTE as national security threats.

In 2021, the Federal Communications Commission removed the permission of China Telecom to operate in the United States. The company’s removal stemmed from fear that the telecom agency would help the Chinese government access and misroute U.S. communication.

The China-based tech giant Huawei has plans for developing intelligent digital infrastructure. Additionally, Huawei's market share has been growing, as others realize the prospects of the company. However, the U.S. has banned companies from using the tech provider. Will the U.S. come to regret its decision?

Android phones were recently discovered with pre-installed monitoring software. The software was installed without disclosure, and collected the contents of text messages, contact lists, call logs, and location information.

Europe

Learn about the General Data Protection Regulation (GDPR), Europe’s data privacy and security law.

Explore information to help organizations achieve General Data Protection Regulation (GDPR) compliance.

Explore the General Data Protection Regulation (GDPR) text.

G.D.P.R., Europe's new privacy law, allows people to reduce the trail of information left when online and grants individuals the ability to request the data that companies hold on them, and demand it be deleted.

As companies bid for online advertising slots, data about every internet user is shared hundreds of times each day.

U.S. and Europe Relations

Real-Time Bidding (RTB) tracks what you are looking at and it records where you go. Every day it broadcasts data to a host of companies, enabling them to profile users. This report presents the scale of this data breach.

There are practically no legal provisions specific to biometric data protection. Instead, legal texts rely on provisions relating to personal data protection and privacy.

In April 2022, the U.S. and 55 other nations signed the “Declaration for the Future of the Internet.” The political commitment aims to promote the free flow of information and ensure user privacy.

Compare the digital privacy mindset in Europe and the U.S.

Europe implemented the General Data Protection Regulation (GDPR) in 2018, which establishes several privacy rights including a requirement for companies to inform users about their data practices and receive explicit permission before collecting any personal information, yet America lacks a comprehensive federal law to regulate digital privacy.

Russia

Recent developments in Russian internet regulation have focused on tightening government control, content filtering, and the engineering of novel monitoring technology. This white paper explains Russian internet regulations as they apply to the web, applications, and telecommunications.

President Vladimir V. Putin appears to see the internet as a newfound threat. The President clamped down on news outlets, blocked access to Facebook, and enacted a law that criminalizes anyone spreading “false information” about Russia’s invasion of Ukraine.

Russian authorities warned tech companies including Google, Meta, Apple, Twitter, and others that they must comply with a new law that requires them to set up legal entities in the country, making the companies and their employees more vulnerable to Russia’s legal system and government censors. Through the use of ultimatums, authorities are pushing tech companies to censor unfavorable material, while keeping pro-Kremlin media unfiltered.

A report from Microsoft revealed that the Russian government was succeeding in its disinformation campaign to establish a narrative of the war favorable to Russia, despite Moscow failing in more than two-thirds of the cyberattacks conducted.

Moscow has been on a mission to become a smart city. While smart cities can increase efficiency and improve the quality of life, smart city technology in the hands of an authoritarian regime should raise safety concerns.

Latin America

The spread of disinformation, especially revolving around elections, could threaten a country's democracy. To combat false content, Telegram has announced an aim to monitor content and create fact-checking channels.

Explore data protection laws in Latin American countries and Spain, some of which are GDPR-inspired.

Learn about how various Latin American countries address data privacy.

Government surveillance is a problem in Latin American countries, emphasizing the importance of human rights and the need to increase safeguards.

Listen to a webcast on how Latin American governments and those in the private sector can protect digital privacy and improve cybersecurity.

North Korea

North Korea heavily restricts citizens' internet access. Read to learn what you may encounter on the North Korean internet.

North Korea’s domestic internet, Kwangmyong, only provides access to government-approved websites. Additionally, phone, media, and communication activity are notoriously controlled.

The People's Republic of North Korea has established an information monopoly: radio, television, cellphones, and media access are fully controlled by the president. This report focuses on the violation of internet freedom and details the techniques used to limit access to outside information.

North Korea’s economy has been heavily impacted by sanctions and the coronavirus pandemic, yet the nation continues to spend money. A key part of the mystery was figured out when North Korea was publicly accused of stealing millions of dollars in cryptocurrency to raise funds.

HIDDEN COBRA is the code name the U.S. Government uses in reference to the North Korean government’s malicious cyber activity. The North Korean government engages in cybercrime to collect intelligence, conduct attacks, and generate revenue.

In January 2022, an attack against North Korea resulted in a countrywide internet blackout. Discover the motives behind the North Korean hack.

Global Issues

Explore global challenges and opportunities and the legal and regulatory environment for privacy protection on the internet around the world.

As nations attempt to control digital data within their country or region, governments set new rules and standards in an attempt to gain “digital sovereignty.”

Edward Snowden is a former CIA agent who leaked details of the extensive internet and phone surveillance by American intelligence. Leaked documents suggested that the National Security Agency (NSA) broke US privacy laws hundreds of times per year.

China, the world’s surveillance superpower, is often criticized by other nations for its authoritarian oversight. However, as COVID peaked, mass data collection and surveillance expanded globally.

Huawei has recently joined the consumer smartphone market, now owning more than 16% of the industry. However, concerns have been sparked over Huawei's potential to be spying on behalf of the Chinese government.

Cybercrime

Dark Web

This article explores UniCC, a Dark Web credit card fraud and identity theft platform. After generating over $358 million in fraudulent purchase revenue, UniCC announced its shut-down.

In 1994, Philip Agre predicted that computers would facilitate the mass collection of data. Additionally, Agre foresaw the authoritative misuse of facial recognition technology and foretold that artificial intelligence would be put to dark uses.

The black market for data is a multi-billion dollar industry where stolen information is bought and traded. Read to learn about the factors contributing to the growth of the dark web and why decentralized storage may be a solution to combat the black market.

Learn about the dark web and review a case study.

Malware

Lincoln College closed after 157 years due to financial challenges from a 2021 ransomware attack and the coronavirus pandemic.

Even one weak password can give hackers a way into an entire city’s network. A successful cyber attack could disrupt a city's airport, finance, public safety, and utility operations.

ERMAC 2.0 is malware that targets Android devices. It spreads via fake sites and works to harvest user data.

Ransomware for IoT (R4IoT) is a new ransomware that targets an IoT device in an attempt to gain access to IT (information technology) and OT (operational technology) networks.

In May 2021, the Colonial Pipeline shut down in response to a ransomware attack. As digital threats to energy infrastructure are becoming more frequent, why does cybersecurity regulation remain scarce?

An SMS Trojan is malware that infects a mobile device and intercepts the SMS messaging system. Learn about the SMS Trojan's infection method and remediation steps.

Mobile Bank Trojan is a mobile banking malware that seeks to steal an individual's bank account credentials. Read to learn about Mobile Bank Trojan’s history, infection method, and remediation.

Scams and Frauds

Cryptojacking was once confined to browsers; however, cybercriminals have now turned their attention to lucrative industrial networks. Learn how cryptojacking has become a threat to critical infrastructure.

The IRS phone scam is a common scam technique used by cyber criminals. This article includes an excerpt from a conversation with a fake IRS agent.

Sextortion campaigns are on the rise. The attack strategy is simple: spice up a threatening email with some personal details, then claim to have photos or videos which will be emailed to friends, family, and colleagues unless a bitcoin ransom is paid.

Money mules receive stolen funds and transfer them to cybercriminals. Read to learn how money mule recruiters trick individuals into becoming money launderers.

Disaster donation scams play on tragedy and sympathy to deceive individuals. This blog describes the social engineering involved in fake disaster donation scams and offers methods to avoid such scams.

The Ellen DeGeneres giveaway scam spread on social media in 2015. Read to learn about this celebrity scam and why it failed.

Social Engineering is a method used by cybercriminals to get victims to breach security or disclose private information. Learn about the objectives of social engineering and the common types of online scams.

A robocall is any telephone call that delivers a pre-recorded message with the intention of stealing identifiable or financial information. Read to learn about the main types of scam calls and solutions for avoiding robocalls.

Hacks

A T-Mobile data breach exposed information including customers’ first and last names, social security numbers, driver’s license, and other information.

GhostTouch is the first contactless cyber attack strategy. The strategy uses ‘electromagnetic interference to inject fake touch points into a touchscreen’ device.

A data breach associated with DNA Diagnostics Center (DDC), a national genetic and paternity testing organization, led to hackers accessing the personal information of more than 2.1 million people. While no genetic information was stolen and the breach was limited to the archived system, hackers accessed full names, social security numbers, credit and debit card numbers and CVV, financial account numbers, and the breached system’s password.

Did you know that USB chargers are open to malicious compromise? Review how cyber criminals can take advantage of public chargers and install transmittable malware.

Six Russian military hackers have been named by the U.S. Department of State as cybercriminals for their alleged involvement in computer fraud, aggravated identity theft, and other malicious cyber activity. Learn why the U.S. Department of State is willing to offer up to $10 million for information on these hackers.

In January 2022, an attack against North Korea resulted in a countrywide internet blackout. Discover the motives behind the North Korean hack.

North Korean hackers have a new trick up their sleeves: posing as cybersecurity bloggers to attack researchers in the field. Learn how the hackers created cybersecurity blogs, phished cyber researchers, and hoped to exploit them.

Hackers gained access to an internal admin tool and compromised high-profile Twitter accounts (e.g. Elon Musk and Barack Obama). Learn how Twitter was at fault for this attack and how implementing end-to-end encryption could have safeguarded the social network company from the attack.

The astonishing return on cryptocurrency investment has lured cybercriminals into cryptocurrency theft. Learn about the forms of crypto theft and how antivirus software can prevent your crypto wallet from being hacked.

There is no international legislation restricting spyware. Could this be a reason why discoveries of spyware on devices of politicians have become increasingly common? Explore the tradeoff between privacy and digital infrastructure.

Identity Theft

Job applications enrich a company's database, making an attack increasingly attractive to hackers. It is critical to protect your personal information when job hunting.

Identity theft occurs when someone impermissibly uses your personal (e.g. name, address) or financial (e.g. credit card, bank account) information. Read to learn how to protect yourself against identity theft.

In 2019, the government of New South Wales switched to a digital driver's license (DDL). DDL allowed citizens to use their cellphones to show proof of identification during roadside police checks and at bars. In theory, DDL was innovative. In reality, the digital ID was a field day for identity scammers.

LifeLock’s CEO, Todd Davis, displayed his social security number on the company's advertisements. In an effort to exhibit LifeLock’s security, Davis has ironically been a victim of identity theft.

Learn about what child identity theft looks like and how it can be prevented.

Cybercrime

The evolving cyber landscape has led the FBI to implement cyber solutions. Learn more about the FBI’s strategy and partnerships.

Real-Time Bidding (RTB) tracks what you are looking at and it records where you go. Every day it broadcasts data to a host of companies, enabling them to profile users. This report presents the scale of this data breach.

Andrew Yang wants people to get paid for the data they create on big tech platforms through his Data Dividend Project, which establishes data as property rights under privacy laws like the California Consumer Privacy Act (CCPA).

Cambridge Analytica purchased Facebook data on tens of millions of Americans, without users’ knowledge, and used their likes to create personality profiles for the 2016 U.S. election. The scandal showed how data can be misused.

Watch the trailer for a documentary film about the Cambridge Analytica data scandal.

The ransomware economy is growing: attacks have become more frequent and ransom payments have reached the billions. Alarmingly, the U.S. government lacks understanding of ransomware attacks.

Surveillance

Surveillance Cameras

Cities in Northeast Ohio spend millions of COVID-19 stimulus dollars on surveillance cameras for law enforcement, in an effort to fulfill various safety initiatives, yet critics argue that additional surveillance infringes upon civil rights and question its efficacy in reducing crime.

Studies indicate that cameras can reduce crime, specifically property crimes and vehicle crimes in parking lots, yet gaps and inconsistencies remain in research. The current study analyzes different types of cameras and their impact on crimes and crime clearances.

Official Airbnb policy allows the use of cameras and recording devices given that the devices are installed visibly and the camera use is disclosed. Many Airbnb consumers were not aware of security camera permission until a Twitter thread went viral.

Amazon’s Ring service comes packaged with Neighbors, a neighborhood watch app. While the Neighbors app may be beneficial in alerting towns of criminal dangers, the app has sparked controversy following a partnership with law enforcement agencies. Read to explore the controversy surrounding Amazon’s home surveillance service: Ring Neighbors.

Aerial Surveillance

The New York City Police Department illegally spied on Muslims, prompting a lawsuit that was settled.

Documents indicate U.S. Marshals Service flew unmanned drones over Washington, D.C., when nationwide protests against police brutality in the wake of George Floyd’s murder were at their height.

The Department of Homeland Security deployed helicopters, airplanes and drones over 15 cities where demonstrators protested the death of George Floyd, logging at least 270 hours of surveillance.

Customs and Border Protection (CBP) flew a Predator drone over Minneapolis while protesters demonstrated against police brutality.

The Federal Aviation Administration has increased efforts to license surveillance drones for law enforcement and other uses in U.S. airspace.

The U.S. Marshals Service has experimented with using drones for domestic surveillance.

Mass Surveillance

A large number of companies engage in constant surveillance of the population without peoples’ knowledge, tracking, profiling, categorizing, rating, and collecting personal data.

Globally, more than 1 billion cameras are being used for surveillance purposes. The growth in the global security camera industry has triggered debate over the implications and regulation of mass surveillance.

Apple’s CEO, Tim Cook, critiqued tech companies for monitoring user data, claiming that large scale surveillance could become a problem for society. Read to learn how surveillance could change the way humans behave and interact with one another.

Local law enforcement agencies across the U.S. have been using a cellphone tracking tool to follow billions of people’s movements. Supporters claim the technology’s use can fill the gaps found in understaffed and underfunded police departments, while adversaries argue the digital tool violates the Fourth Amendment.

Everyday lives of consumers are monitored and recorded. Pervasive digital tracking is used to make automated decisions and predictions about consumer behavior. Warning: your sensitive information is sold to promote corporate profitability!

Learn about the state of mass surveillance by the U.S. government and where it could go in the future.

In 2013, Edward Snowden gave journalists thousands of secret NSA documents, revealing mass surveillance of terrorist suspects and of innocent Americans. The leaks caused many people to criticize the previously secret NSA surveillance programs.

Technology

Pegasus, a spyware technology, has tools that extract the contacts of a phone, including texts and photos. The software has infiltrated the telephones of national leaders including Boris Johnson, the Prime Minister of the United Kingdom.

Following the shift to remote work, employee monitoring technology has been adopted at an astonishing rate. Monitoring technology can capture the websites employees visit, their active and idle time, and even analyze employee facial expressions. This article features an excerpt of a conversation between three data-privacy experts, who discuss the privacy issues of employee monitoring technology.

Dozens of Chinese firms have built software that uses artificial intelligence (AI) to sort data collected on residents.

Facewatch is a cloud-based facial recognition system that strives to reduce shoplifting. Explore concerns over Facewatch’s controversial partnership with the police force.

Mobile spyware is a hidden malware that steals information, records audio, takes pictures, and tracks device location. Read to learn about spyware’s infection method and device remediation.

Pegasus is spyware intended to help governments pursue criminals and terrorists. Learn how Pegasus software operates and how such tools could be misused.

Surveillance cameras (also known as Closed-Circuit Television [CCTV]) are the main technology behind facial recognition processes. This brief article explains CCTVs, their uses, and subsequent concerns.

Government

The COVID-19 containment plan included a population-wide lockdown. To enforce an isolation policy, the CDC bought expensive access to mobile phone location data.

The Federal Bureau of Investigation (FBI) performed potentially millions of searches of American electronic data last year without a warrant, raising concerns about government surveillance and privacy.

While Ring promises to “make neighborhoods safer,” an NBC News Investigation found little evidence to support the company’s claim.

Explore what the NSA collects and how it obtains information.

After the 2013 Snowden leaks about the NSA, Pew Research Center explored people’s views and behaviors related to privacy by examining how people perceived government surveillance and commercial transactions involving the collection of personal information.

Documents submitted to the secret Foreign Intelligence Surveillance Court, known as the FISA court, revealed procedures that the NSA is required to follow to target non-US persons and minimize data collection from US persons.

Biometrics

General

Biometrics describes the data gathered from human characteristics. Biometrics could be physiological data like fingerprints, facial, and retina patterns, or behavioral, like voice and gait profiles. Recently, there has been a global uptake in the development of biometric programs; however, such developments have often sidelined the creation of legal frameworks to regulate biometric data.

Failure to secure and document informed consent to use biometric information has resulted in a wave of litigation in Illinois due to the Biometric Information Privacy Act (BIPA).

Biometric authentication is used for digital security, law enforcement, employee identification, and more. This article probes the policy and security challenges that are arising as we adopt biometric technology.

Learn about the difference between behavioral biometrics and physical biometrics, and the advantages and disadvantages of each.

Facial Recognition

Facial recognition refers to a technology that collects and processes biometric facial data. This short article explains facial recognition, offers examples of how the system is used, and concludes with warnings surrounding the technology.

Learn about facial recognition, including the history of it, arguments for and against it, the future of facial recognition and regulation, and privacy tips for using everyday things with facial recognition.

The IRS has arranged for the digitization of identity verification. Starting summer 2022, tax-filers will be required to submit an identity self-scan in order to access personal records.

Airports, airlines, tech companies and government agencies are investing in biometric advancements, amidst the need for social distancing due to the pandemic. Not only does such technology verify identity, but it shortens security procedures for those who wish to utilize such technological features.

The Texas attorney general sued Facebook over its use of facial-recognition technology. Attorney Ken Paxton claimed the technology violated state privacy protection policy for personal biometric data.

Facewatch is a cloud-based facial recognition system that strives to reduce shoplifting. Explore concerns over Facewatch’s controversial partnership with the police force.

Facial recognition helps authorities solve investigations in hours instead of days.

Facebook used a facial recognition system that automatically identified people in video and other content. However, the company was found to be wrongfully using the technology and after being sued by Illinois, the social-media platform shut down its user-tagging feature.

Ohio is spending $21.4 million to revamp its controversial facial-recognition software to better identify suspects and missing persons by matching their photos with updated driver’s license and mug-shot pictures.

Physical Biometrics

Record keeping is a challenge in hospitals, leading many medical centers to utilize biometric technology to correctly identify patients. Some ways in which hospitals are using biometrics is through iris and palm-vein scanning.

Security vulnerabilities have been identified in fingerprint scanning technologies. A Chinese security research team claims to be able to defeat fingerprint security within 20 minutes using inexpensive hardware and a mobile application.

Learn about how iris recognition works, what kinds of data are collected, who sells the technology, how law enforcement uses it, threats it poses, among other information.

The chances that you’ve had your voice’s unique biometric identifier recorded are high. JPMorgan Chase, Wells Fargo, Barclays, and U.S. Bancorp have all implemented biometric platforms to identify individuals via “voice print” authentication.

Biostar 2 is a security system used globally to safeguard commercial buildings. In 2019, a system vulnerability led to a data breach. More than 1 million credentials, including biometric fingerprint identifiers were exposed.

The FBI has requested to be exempt from federal privacy provisions that protect individuals' personal information from misuse and abuse. The Electronic Frontier Foundation calls for legislation that would allow individuals to learn what data the government has on them and how that information is used.

Behavioral Biometrics

Traditional authentication methods like PIN and password are becoming largely inefficient. Advanced authentication methods like behavioral biometrics are a potential solution. This post explores the different types of behavioral biometrics and their use cases.

Behavioral biometrics, such as the way you press, scroll and type, can be used by banks and merchants to collect data on customers and verify that the user is who they claim to be.

Gait is a behavioral indicator used to identify a person based on their walk. Gait recognition systems observe characteristics like the human skeleton, silhouette, height, speed, and walking characteristics. Read to learn more about gait recognition, and the advantages and disadvantages of the technology.

The voice recognition and voice profiling industry is rapidly expanding, giving companies unprecedented insight into the behavior and habits of their consumers. This Q&A style report features Joseph Turow, an expert in the ad-tech industry.

With the cyber threat landscape growing and consumers becoming weary of endless password authentication methods, financial institutions have begun to assess biometric identification methods. Explore how biometric technology can enable banks to innovate online user authentication.

There are several behavioral biometric approaches on the market including typing biometrics, voice recognition, signing pressure, and gait biometrics, yet they are currently not accurate enough to be used for verification.

Big Tech

Facebook

The Texas attorney general sued Facebook over its use of facial-recognition technology. Attorney Ken Paxton claimed the technology violated state privacy protection policy for personal biometric data.

Facebook’s day-long crash revealed society's dependence on social platforms. The outage compromised marketing dependent businesses and posed connectivity risks.

Facebook has a fundamental problem: the company has no idea where its user data goes. According to a leaked internal document, Facebook privacy engineers admit to a lack of data control, and thus a struggle to respond to privacy policy commitments.

In August 2021, Facebook secured a U.S. patent allowing lenders to measure an individual’s creditworthiness based on a user's social networks. Will our Facebook friends soon be shaping our credit profiles?

Any student who accessed the webpage “StudentAid.gov” after January 2022 may have had their personal information shared with Facebook. Learn how Facebook gathers data from external websites using Meta Pixel, a tracking technology.

Facebook’s rules and guidelines for deciding what users can post on the site are revealed for the first time in a Guardian investigation, fueling debate about the ethics of the company, as many moderators have concerns about inconsistent policies.

After ProPublica revealed that Facebook advertisers could target housing ads to whites only, the company announced it had built a system to spot and reject discriminatory ads, yet issues remain.

Facebook executed an internal study in effort to understand how its platform shaped user behavior. The company concluded that its algorithms polarized users. Read to learn why Facebook no longer plans to combat platform divisiveness.

“Facebook is like Big Tobacco.” Members of congress seem to like this comparison, especially when describing social media’s impact on children. This video explores the similarities and differences Facebook shares with Big Tobacco.

Facebook gathers a lot of data about you. This data is primarily used for ad-targeting. Learn how Facebook tracks you and the strategies you can implement to regain digital privacy.

Documents prove that Cambridge Analytica used data improperly obtained from Facebook to build voter profiles.

What does Facebook know about you? This tutorial walks you through the personal information Facebook has collected. For example, the platform knows your preferences, political alignment, and habits.

Google

Earlier this year, Google recognized that policy and identity protections need to evolve. The data giant has agreed to broaden the scope of content removal from Google Search.

Google collects and stores a plethora of data. This resource reviews Google’s history of data leaks, cookie usage, user tracking, and more.

Google makes up more than 60% of the web-browsing market. Subsequently, a large portion of Google’s revenue can be attributed to the ad-tech industry. Following backlash from privacy advocates, Google proposed a new way to track web browsing. Read to explore the pros and cons of Google’s proposed system.

Unlike its name, Chrome’s Incognito Mode isn't really private. Read to learn why Incognito Mode does not fully enable private browsing.

If you use Google products, such as Gmail and Google Search, your data is being collected. This resource enables you to see what data Google collects. Learn how Google keeps tabs on your location history, YouTube searches, YouTube watch history and more.

The Google sign up process is designed to allow data tracking. Consumer advocates and privacy regulators have argued against Google, calling for privacy friendly sign-up options.

Google intends to gradually block trackers, or cookies, from Chrome in mid-2023 and eliminate them altogether later that year.

Apple

Few corporations can steer away from the complex political and social issues of the day. This article examines the tech company Apple and how CEO Tim Cook championed customer data privacy.

BlastDoor is a security service that will roll out with Apple’s iOS 14 update. The feature focuses on preventing zero-click, iMessage based hacks.

Passwords have been the online security standard; however, the use of passcodes poses many risks. To combat password insecurity, Apple plans to end passwords and replace them with passkeys. Passkeys include biometric authentication methods, security keys, or PINs.

If you are an iPhone user, you may not be secure against malicious Pegasus installation. Pegasus spyware can collect emails, call records, sound recordings, and browsing histories. If you believe Apple products keep you safe from spyware, think again!

iOS 15.2 was rolled out in March of 2022. The headline addition in Apple's update was its new privacy-focused feature: App Privacy Reports.

To increase consumer privacy, Apple announced it would deprecate its Identifier for Advertisers (IDFA).

iOS 14.5 includes a new privacy tool, App Tracking Transparency, which could give consumers more control over how data is shared.

Apple and Big Tech

Big Tech opposes two pieces of proposed legislation: the American Innovation and Choice Online Act, which prevents Big Tech from favoring their services over others, and the Open App Markets Act, which aims to promote competition on app stores.

Apple and Google, two of the world's biggest companies, have formed a multi-billion dollar partnership. It is estimated that Google pays Apple $8-12 billion a year to make Google the default search engine of Apple devices. At the same time, 15-20% of Apple’s revenue comes from its deal with Google.

Apple’s transparency update enables users to opt out of tracking. When given a choice, most people choose not to have their personal data tracked. Read to learn why Facebook is troubled by Apple’s transparency update.

The Biden administration has decided to study TikTok and other foreign-controlled apps to investigate potential national security risks. To the FCC, the president’s ordered investigation is not enough: the federal communications regulator calls on Apple and Google to remove TikTok from their app stores.

Apple plans to start requiring iPhone owners to choose whether to allow companies to track them across different apps, yet the practice threatens Facebook as the company is reliant on it to target ads and charge advertisers more.

Amazon

Amazon bought its doorbell division, Ring, for over $1 billion in 2018. Learn how Amazon’s home surveillance device has raised privacy concerns and how the e-commerce company has a data sharing history with law enforcement agencies.

The American Innovation and Choice Online Act would prohibit Amazon from giving preference to its own products and limiting the availability of competing products. The company opposes the bill, claiming that the targeting of “self-preferencing” practices would cost it billions of dollars in fines. However, anti-monopoly advocates do not buy the company’s argument.

Amazon employs an Alexa voice review team, whose job is to listen to and transcribe voice recordings captured by Alexa. Read to learn how Amazon is addressing the privacy concerns around the Alexa voice review process.

Amazon is a tempting target for shareholder proposals and Amazon shareholders have valid reasons for discontent.

According to Amazon’s transparency report, subpoenas and search warrants received from the government have increased. The data demanded by the government includes information collected from Echo, Kindle and Fire tablets, and inputs from Amazon’s home security devices.

Big Tech

Explore where Big Tech companies make their money, specifically how they generate revenue and how it breaks down.

The American Innovation and Choice Online Act is a bill that targets Big Tech companies. While the need for tech regulation is widely agreed, the American Innovation and Choice Online Act will create more problems than it solves. Explore why WSJ authors are pessimistic about the bill.

Big Tech is pushing to pass friendly, watered-down state privacy bills to avoid greater protections.

Andrew Yang wants people to get paid for the data they create on big tech platforms through his Data Dividend Project, which establishes data as property rights under privacy laws like the California Consumer Privacy Act (CCPA).

In response to privacy concerns, San Jose created its Digital Privacy Advisory Taskforce. However, a series of emails obtained by Motherboard allude to clashes between Silicon Valley’s technologists and privacy experts.

Big Tech whistleblowers are rare and many don’t realize how complicit they are in their employers’ efforts to undermine privacy.

If you use Google products, such as Gmail and Google Search, your data is being collected. This resource enables you to see what data Google collects. Learn how Google keeps tabs on your location history, YouTube searches, YouTube watch history, and more.

Congress is considering various rules to regulate Big Tech. One proposed solution is to set an age limit on social media sites.

Facebook, Apple, Amazon, Microsoft and Google are expected to emerge from a downturn stronger and more powerful in their respective markets.

Health Privacy

Health Data

The Markup tested the websites of America’s top 100 hospitals. 33 of them contained a tracker, called the Meta Pixel. Meta Pixel, a tool created and owned by Facebook, collects patients' sensitive health information.

Health insurers have been merging information from data brokers with individuals' health histories to predict patient outcomes. Aggregated information is then used to assess risk and determine profit maximizing price plans.

Many companies in the health tech sector have lax privacy practices, leading a group of nonprofits to call for a self-regulatory project to guard patients’ data when it’s outside the health care system.

The most extensive protection for personal health information is derived from the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is not currently understood to apply to fitness wearables, and this lack of clarity creates a gray area over the industry’s use of health information.

Fitness wearables collect an array of data including one's heart rate, sleep patterns, stress levels, location, and sexual activity. Users need to be more aware of how unprotected health data could facilitate identity theft, drive up insurance premiums, and affect job status.

Facebook's user tracking code, Meta Pixel, has been found on the websites of crisis pregnancy and abortion centers. Read to learn about the advertising incentives and privacy concerns of storing health data.

Medical images, including X-rays, MRIs and CT scans, and health data belonging to millions of Americans, are unprotected on the internet and available to anyone with basic computer expertise.

Medical Cybersecurity

Internet-connected medical devices are often targeted by hackers, leaving both patient data and health in danger. In April 2022, senators proposed a new bill that would require the FDA to issue medical device security guidelines.

Medical data transferred from a physician to a mobile app is no longer protected by HIPAA. IDX CEO Tom Kelly issues warnings and offers practical solutions to individuals who use mobile health apps.

The average U.S. hospital bed contains 10 to 15 internet-connected devices and the medical device market is expected to grow. As the number of connected medical devices expands, hackers gain an increased attack surface. Read to learn how medical providers, device manufacturers, and regulators can work together to ensure the safety of medical devices.

Iranian hackers planned a cyberattack on Boston Children's Hospital. The attack was thwarted, thanks to a partnership between the hospital and the FBI.

Most medical devices connect to hospital networks, cell phones, or other devices to share information. As internet-connected devices become more widespread, it has become imperative to implement medical device cybersecurity. Learn about some tips from the Food and Drug Administration (FDA) to protect your device and personal information.

A new bill proposed by Sens. Jacky Rosen (D-Nev.) and Todd Young (R-Ind.) would require the Food and Drug Administration (FDA) to issue cybersecurity guidelines more regularly and share information about vulnerable devices on its website, following concerns on the vulnerabilities of medical devices to cyberattacks.

Reproductive Health Data

The Health Insurance Portability and Accountability Act (HIPAA), a federal patient privacy policy, has not kept up with technological advancements. For instance, HIPAA does not cover health care apps, fitness trackers, or at-home tests.

With Roe v. Wade overturned, concerns over digital privacy and data safety have amplified. Such concerns are not without reason as law enforcement could use one's location data and browsing history as evidence.

Following the ruling to overturn Roe v. Wade, digital rights experts warn that search histories, location data, messages and other digital information could be used by law enforcement agencies investigating or prosecuting abortion-related cases.

Out of the top 20 websites used for online abortion pill purchase, 17 used unencrypted, non-secure HTTP. This statistic sheds light on the ease of accessing online personal data concerning abortion. Now that Roe v. Wade is overturned, such information can be demanded by law enforcement agencies to enforce anti-abortion laws.

The Supreme Court's decision to overturn Roe v. Wade raises questions about whether and how tech companies should protect the information of users seeking reproductive health care.

Four period tracking apps, Drip, Euki, Lady Cycle, and Periodical, were evaluated on the basis of user security. CR’s Digital Lab tested how well products and services protected consumer privacy. With concerns growing over reproductive health privacy, period tracking apps are under pressure to improve privacy policies.

Genetics

DNA data laws are filled with loopholes, yet people continue to put their DNA on the internet, creating the need for new genetic privacy laws.

The centiMorgan (cM) measures how much DNA we share with others, specifically the length of identical segments that two people share due to descent from a common ancestor. This makes it possible to be tracked down without ever personally submitting DNA.

Genetic testing companies, like Veritas Genetics, Ancestry and 23andMe, come with privacy risks that are not well understood by consumers.

An investigation by Consumer Reports found that direct-to-consumer genetic testing companies employ policies and practices that may unnecessarily compromise consumers’ privacy. While these companies do a relatively decent job of protecting DNA data, the many types of non-DNA data they gather are not treated with the same care.

A data breach associated with DNA Diagnostics Center (DDC), a national genetic and paternity testing organization, led to hackers accessing the personal information of more than 2.1 million people. While no genetic information was stolen and the breach was limited to the archived system, hackers accessed full names, social security numbers, credit and debit card numbers and CVV, financial account numbers, and the breached system’s password.

Investigators used GEDmatch to pinpoint and arrest the Golden State Killer, yet many consumers utilize genetic testing companies without fully understanding the issue of genetic privacy.

COVID-19

Cybercriminals have discovered a massive profit opportunity in the midst of COVID-19. During the pandemic, hackers have targeted the vaccine distribution and supply chain.

During the pandemic, a plethora of digital tools were introduced, each embedded with questionable data collection features. A YouTuber accepted the controversial tools (e.g. tracking apps) under the guise of COVID-19. Watch to learn how the government used and abused its citizens' personal data.

Explore how the increase in telehealth usage has remained relatively stable since June 2020.

Due to COVID-19, many individuals were forced to engage in online work, education, and activities, leading to increased tracking and data sharing with third parties.

During the coronavirus outbreak, Pew Research Center surveyed Americans on their views related to privacy, personal data, and digital surveillance. Explore 10 takeaways from the research.

Norman Fenton is a Professor of Risk Management and specializes in risk management for critical systems. In this presentation, Dr. Fenton discusses the probabilistic models used during the COVID pandemic, and how those models inaccurately presented COVID data to the general public.

In mid-2020, Connecticut police announced the use of “Pandemic Drones” to monitor the enforcement of COVID rules. The drones were able to enforce social distancing and detect respiratory abnormalities.

Data Brokerage

The Data

Data brokers are sites that legally gather and sell your information. These sites use automated software to harvest information from tech companies, telecommunication providers, credit bureaus, tax records, court records, and other public sources. Your personal data is then unified and sold at a listing price of $20.

The Acxiom Corporation, a marketing technology company that has collected details on many adults in the United States, released a free website where consumers can view some of the information the company has collected about them.

Data brokers, in addition to selling other sensitive consumer information, have begun selling real-time location data. Information on the number of times and duration an individual visited a location can be purchased for a small fee or no cost at all. Read to learn how private companies intimately track Americans’ daily lives.

Privacy Rights Clearinghouse estimates that there are over 500 data brokers in the U.S. With a vast number of companies collecting and selling your personal information, it is crucial to combat data tracking. Explore how you can keep your data from brokers.

Explore what we know and do not know about the consumer data industry, including how much companies know about individuals, where they get the information, buying and selling limits, and other findings.

Learn how you can obtain your data from Cambridge Analytica, ALC Digital, Facebook, Google, Experian, Epsilon, and Oracle, as well as what you may receive from each company.

The Brokers

The multibillion-dollar data broker industry collects your personal data and resells it to others. This unregulated, invasive industry has been mediating surveillance capitalism.

The new Vermont law requires companies who buy and sell third-party data to register with the Secretary of State. The law has revealed 120 U.S. based data brokers.

Data brokers have histories of breaches, hacks, and privacy complaints. This resource provides a timeline of activities and abuses of data brokers from 2000-2018.

Oracle is a preeminent data broker that specializes in marketing and ad-targeting. This research tool introduces the broker and provides crosslinks to explore related news and updates.

Acxiom is a marketing broker that aggregates and links consumers' information to provide highly personalized ads. This research tool introduces Acxiom and provides an overview of the company's activities.

Equifax endured a cyberattack where hackers gained access to information including social security numbers, driver’s license numbers, names, birth dates, and addresses.

In 2012, more than 23,000 computer servers were collecting, collating, and analyzing consumer data for the Acxiom Corporation. The company has amassed a large commercial database on consumers, collecting data points on individuals.

An Epsilon breach exposed the e-mail addresses, and some names, of customers of some of the largest companies in the country.

Data Brokers and Politics

Collectively, data broker spending on lobbying in 2020 rivaled the spending of individual Big Tech firms like Facebook and Google. This article explores how the data broker industry is spending money on lobbying, often in an attempt to avoid data security and privacy regulation.

Cambridge Analytica was a political consulting firm that got caught in a scandal for misusing millions of users’ Facebook data. This post argues Cambridge Analytica failed to produce a proper legislative response. Personal data is continuously exploited by data brokers who are hardly regulated.

Jordan Abbott, chief data ethics officer for Acxiom, believes that until the United States has a national privacy law, a national data broker registry should be implemented to help consumers differentiate good data actors and bad ones.

Federal privacy bills don't give sufficient attention to data brokers. This opinion piece claims data brokers are the “middlemen of surveillance capitalism” and a threat to democracy. Read to learn how data brokers purchase, aggregate, and repackage sensitive data, with virtually no restrictions.

After Motherboard’s findings that data firms were offering information pertaining to visitors of Planned Parenthood abortion clinics, the House Oversight Committee began investigating the privacy of reproductive health data and demanding more information from data brokers and companies that manage period tracking apps.

Following the 2017 data breach of Equifax, Vermont enacted an unprecedented bill to regulate data brokers. Read to learn how Vermont’s regulation strives to improve consumer data protection.

Given how quickly personal data can be spread, sold, and shared, David Hoffman, associate general counsel and global privacy officer at Intel Corporation, advocates for Congress to pass comprehensive federal privacy legislation to protect the privacy of individuals.

Privacy Concerns

Data brokers pose problems to individuals and businesses alike. For starters, a leaked IP address could lead to network eavesdropping and communications hijacking.

Learn about what a data broker does and how they are legal.

For decades, policy makers have expressed concern over the lack of transparency in the data broker industry. In this report, the Federal Trade Commission conducts an in-depth study of nine brokers and their practices.

A dataset revealed more than 50 billion location pings from the phones of more than 12 million Americans, with each piece of information illuminating the precise location of a smartphone. This information was alarming to many as the findings could easily be abused.

This report examines 10 major data brokers and the data they hold on individuals, as well as addresses the policy implications for the United States.

Mobile Apps

Spotify

Everything you do on Spotify is tracked: every tap, track played, playlist created, and podcast listened to is fed to the app's big data machine.

Learn how Spotify targets and delivers real-time advertisements.

Big tech is using personal data to creep on you. Learn how Tinder tracks your casual encounters, how Netflix analyzes your viewing trends, and how Spotify is creating increasingly targeted advertisements.

Spotify provides a unique data set for the marketing industry. For starters, musical attributes can be used to predict an individual's mood, resulting in the delivery of more relevant ad targeting.

Twitter

Unlike other social platforms, Twitter is a place where politics and journalism live. Journalists and the media have large control over what people are feeling, thinking, and believing. While many consider Twitter solely as a platform for free speech, the app also has large control over the political and democratic landscape. Tune in to this episode of Your Undivided Attention to learn about the risks and opportunities Elon Musk faces as the new Twitter owner.

Elon Musk claims he will introduce end-to-end encryption for Twitter's direct message feature. While encryption is a step in the right direction, even when encoded, messages will not be 100% private.

When you send a direct message on Twitter, three people have access to that message: you, the recipient, and Twitter itself. Elon Musk plans to implement end-to-end encryption, disabling Twitter from accessing your private messages. Read to learn more about Musk’s plans and if experts agree with his platform renovation ideas.

Hackers gained access to an internal admin tool and compromised high-profile Twitter accounts (e.g. Elon Musk and Barack Obama). Learn how Twitter was at fault for this attack and how implementing end-to-end encryption could have safeguarded the social network company from the attack.

Learn about a few tweaks that you can make to stop Twitter from sharing your information.

TikTok

TikTok has an estimated 90 million U.S. users, many of whom are children. A coalition of state attorneys general is launching an investigation into TikTok to examine the psychological effects on young users.

The Biden Administration ordered a review of apps controlled by foreign adversaries. Of the apps reviewed, TikTok was highly scrutinized. Read to learn why TikTok was flagged as a security threat and what government officials are doing to address the data security problem.

A Wall Street Journal investigation sought to uncover the processes that enable TikTok’s addictive algorithm. The analysis revealed that the amount of time one lingers over a piece of content is the largest determinant of user engagement.

TikTok was labeled a national security threat by former President Donald Trump. While TikTok’s parent company is independent from the Chinese government, fears arose over the possibility that TikTok will be forced to share user data.

TikTok, the highly scrutinized social media app, faces yet another lawsuit. Two parents filed suit alleging the company’s algorithm motivated minors to participate in the deadly ‘blackout challenge’.

Dementia-related hashtags have accumulated billions of views on TikTok, and are part of a growing category of posts related to medical conditions and disorders. The goal of these posts is to raise awareness and reduce stigma, yet controversy remains. There is debate about privacy and consent when caretakers post videos of those with dementia, at times when they are confused or acting out, to offer tips, provide education, vent frustrations, and find support online without permission of the individual battling the condition.

Dating Apps

Since 2017, Grindr has been collecting and selling user location data. In 2020, the dating app ceased sharing user information with ad partners.

How safe is a user's personal data when provided to online dating sites? This article examines the types of demographic data collected by online dating apps, the associated privacy struggles, and suggested security improvements.

Match Group, which owns Tinder, Hinge, Match.com, OkCupid, PlentyofFish and others, is investing in Garbo, a startup that helps app users conduct background checks on prospective dates.

While online dating is a common way for adults to find new relationships, the ease with which underage users can create profiles remains largely unaddressed, allowing many to lie about their birthday and begin interacting with others.

Instagram

Instagram uses a variety of algorithms to rank content. Each part of the app (Feed, Explore, and Reels) is ranked based on user-generated signals and statistical predictions. This post sheds light on how Instagram’s technology works.

Following rising privacy concerns, Instagram started to make cookies more user controllable. The social media platform plans to provide users with a cookies privacy section.

An Instagram profile reveals an abundance of personal details. This article offers tips and tricks to protect your privacy on Instagram.

A critical vulnerability was found in Instagram's code that allowed hackers to gain control of a user's social media account and mobile device. Read to learn how this vulnerability works and how to stay safe on Instagram.

Like most social media apps, Instagram makes money through advertising. Learn how Instagram uses your data for ad-targeting and the strategies you can implement to limit the platform's data collection.

Instagram has labeled several posts about abortion rights as sensitive content. Following the censorship of abortion-related information, questions concerning the platform’s content moderation algorithm arose.

Snapchat

Snapchat is a mobile app used for chatting and video. This post analyzes Snapchat's privacy policy and proposes user data control strategies.

Snapchat gained its popularity through its “disappearing” photos feature. On the surface, this feature may suggest user privacy. In reality, snap memories are saved on Snapchat’s servers and deleted snapchats can easily be recovered.

Secret Service Director James Murray stepped down from his position and accepted a job as the chief security officer for Snap Inc., the owner of Snapchat.

A Snapchat data breach exposed payroll information, social security numbers, and names of roughly 700 employees. The attacker posed as the company’s chief executive and tricked an employee into emailing the sensitive information.

Thousands of Snapchat account credentials were available on a public website during a phishing attack that impacted over 55,000 accounts. The attack relied on a link sent to users that, when clicked, opened a website that mimicked the social media company’s login screen.

Miscellaneous

Following the mass shooting in Highland Park, Illinois, concerns about tech companies’ moderation efforts rise, especially since the shooter posted violent content on YouTube and other platforms prior to carrying out the massacre.

Despite Mark Zuckerberg’s assurance of secure WhatsApp messages, WhatsApp has more than 1,000 contract workers in Austin, Texas, Dublin and Singapore sifting through millions of private messages, images, and videos.

The gunmen from the Uvalde and Brooklyn shootings used a combination of apps including Snapchat, Instagram, Discord, and Yubo to meet people and share violent plans. These apps, designed to keep communication more private, are ill-equipped to police such content.

The Internet of Things and Artificial Intelligence

The Internet of Things (IoT)

The content on the internet appears to be free. It’s not! We pay for it with our data. The Internet of Things consists of devices, like smart-phones and watches, that collect and sell our sensitive data.

The Internet of Things allows connection to everyday objects: devices include kitchen appliances, cars, thermostats, and baby monitors. Learn about IoT and its industry-wide applications.

Unmanaged IoT devices are growing in number, creating an extended attack surface. As the appeal of IoT devices persists, there is a pressing need to tighten device security. Read to learn about the risks of insecure IoT devices and the rewards of implementing IoT protection strategies.

Generic security protocols have been failing to secure IoT devices. This post describes the common problems associated with implementing IoT security standards and calls for an overarching system of regulations.

A blockchain is a series of distributed data records that are linked together to become an immutable digital ledger. As the number of IoT devices is forecast to grow exponentially, blockchain technology can provide much-needed device security.

Consumer IoT Products

The most extensive protection for personal health information is derived from the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is not currently understood to apply to fitness wearables, and this lack of clarity creates a gray area over the industry’s use of health information.

Smart devices, or IoT devices, are becoming more common and providing retailers with another data access point. Learn how IoT providers benefit from the influx of IoT-generated user data, while consumers pay for the device and risk losing sensitive data.

Amazon keeps a copy of everything Alexa records after it hears its name.

Smart speakers rely on voice commands to perform a task. Skill squatting occurs when bad actors expose users to risks by redirecting commands to malicious gateways. These malicious re-routes can grant hackers access to password information or a home network.

Peloton is an exercise media and equipment company with more than 3 million subscribers. In 2021, a system bug exposed users' private data including a person's age, gender, city, weight, and workout history.

Fitness wearables collect an array of data including one's heart rate, sleep patterns, stress levels, location, and sexual activity. Users need to be more aware of how unprotected health data could facilitate identity theft, drive up insurance premiums, and affect job status.

The Metaverse

Meta and Microsoft are building technology to enable the metaverse. While the idea of a metaverse has been popular among tech companies, what constitutes an immersive internet remains largely vague and undefined. Read to learn what a metaverse is and what tech giants predict the metaverse will become.

The metaverse has gone mainstream and has a wide range of use cases from the consumer-facing level to the enterprise setting. This review details how different industry sectors envision the metaverse.

The Pew Research Center surveyed technology experts, asking their opinion about the trajectory and impact of the metaverse by 2040.

Digital rights advocates have sounded the privacy alarm following Big Tech’s plan to create immersive VR spaces. In a metaverse future, tech companies profit off of expanded data collection capabilities. VR headsets collect more data about us than traditional screens.

The transition to the metaverse is expected to be more complicated in China than in the U.S. While the U.S. has loose tech regulation, China has established a subcommittee to create specific standards for the metaverse.

The Business Research Company projects the Augmented Reality/Virtual Reality (AR/VR) education-technology market to reach $32 billion by 2026. K-12 schools and universities have already adopted AR/VR tools for hands-on science courses, career exploration, and skill development operations.

Smart Cities

Smart city technology has opened up endless possibilities for surveillance monitoring. This report overviews the positive and negative aspects of big data and smart cities. When considering both benefits and downfalls, one thing remains clear: data privacy must remain central in policy making as the world transitions to smart cities.

In 2017, Toronto confirmed a smart city renovation guided by Sidewalk Labs, a Google-owned urban development firm. However, the smart city plan failed. Experts argue that the city wasn't ready for a data-rich future. Toronto’s residents could not tolerate private-sector control of their municipality.

When creating digitally smarter cities, personal data privacy is often bypassed. This article considers arguments for and against creating smart yet privacy-lacking cities.

The term 'smart city' has become synonymous with high-tech urbanization. This review calls for a more expansive concept of smart cities – a definition that encompasses a wide range of urban innovation and considers the interplay between the community, local government, and the private sector.

Cloud technologies play a central role in smart government applications. Smart cities integrate data, analytics, and security to produce beneficial business insights.

Discussions of adopting autonomous vehicles (i.e., the mass development and production of self-driving cars) have become more and more common. Advocates of personal-use autonomous vehicles often ignore vehicle security, congestion, and emission issues. On the other hand, critics claim self-driving cars would be impractical in a city environment, especially following estimates of sustained population growth.

Artificial Intelligence (AI)

When artificial intelligence is added to the Internet of Things, you get the artificial intelligence of things (AIoT). AIoT allows devices to analyze data and make decisions without human involvement.

The European Union wants to regulate artificial intelligence through the EU AI Act. Listen in on a conversation with Mozilla Foundation's Executive Director Mark Surman, as he describes the key facts of the EU AI Act.

According to Google’s CEO, AI will have a greater impact on society than fire or electricity. Explore 7 AI trends that have been transforming technology in 2022.

Businesses love big data. When big data is fed to AI systems, companies gain unprecedented insights into their customer base. However, without a strong AI privacy policy, businesses can face significant financial loss and risk the company's reputation.

GPT-3 is a language model that relies on algorithms to read and produce text. This article overviews GPT-3, its strengths, and its privacy weaknesses.

Research Tools

Web Tools

The National Institute of Standards and Technology (NIST) seeks to enable better privacy engineering practices that support privacy by design. Explore NIST’s Privacy Framework, a tool for improving privacy through enterprise risk management.

Interested in buying a smart device? Recently downloaded a mobile app? Mozilla’s Privacy Not Included will generate a privacy report to aid your purchase decision making.

Explore a tool that tracks proposed and enacted comprehensive privacy bills.

Explore a state-by-state interactive map that tracks privacy legislation in the U.S.

Explore consumer privacy legislation across the United States.

This interactive site explores the top 902 most prevalent web trackers.

This resource is an interactive website privacy tracker. Enter a link and see which user-tracking technologies are hosted on the site.

IT Governance has created a series of green papers to help organizations acknowledge incoming cyber threats, craft protective cybersecurity solutions, and comply with legal and industry regulations. Explore the green papers related to cyber security, data protection, security testing, and more.

A breach is an incident that exposes confidential, sensitive, or protected information to the public. Enter an email address or phone number and discover if your data has been exposed.

If you use Google products, such as Gmail and Google Search, your data is being collected. This resource enables you to see what data Google collects. Learn how Google keeps tabs on your location history, YouTube searches, YouTube watch history, and more.

What does Facebook know about you? This tutorial walks you through the personal information Facebook has collected. For example, the platform knows your preferences, political alignment, and habits.

Google personalizes ads based on your personal information, data from third-party advertisers, and search history. Explore the categories Google has created concerning you.

Changes in demographics, technology, student needs, and budgetary pressures have directed the education industry to digital transformation. Learn how the educational environment can use data to adapt to change.

Articles

The Mozilla Foundation works to ensure internet accessibility and availability. Within this goal, Mozilla seeks to improve internet health and build trustworthy AI systems. This page documents Mozilla’s current movement.

52% of Americans have decided not to use a product or service due to privacy concerns. This report provides statistics encapsulating the American view of privacy and surveillance by companies and governments.

A majority of Americans report using YouTube and Facebook, while adults under 30 years old more commonly use Instagram, Snapchat and TikTok.

Smartphones can unobtrusively collect behavioral data including data pertaining to social interactions, daily activities, and mobility patterns.

Explore the change in the most popular online platform amongst teens and the mixed views youth have on the impact of social media on their lives.

Explore the patterns and trends of mobile ownership and dependency.

Governments, banks and other enterprises are using iProov’s biometric identity authentication to verify individuals.

The Trellix Threat Labs Research Report analyzes cyberattacks and threats, including ransomware and those that target Ukraine.

Explore the increasing malware rates.

Privacy Policies

General

The Center for Plain Language ranked privacy policies on how easily they could be understood; those that ranked higher avoided jargon and confusing sentence structure, and were clearly organized.

The length and readability of privacy policies from about 150 websites and apps were assessed using the Lexile test, revealing that most privacy policies exceed the college reading level.

97% of Americans say they have been asked to agree to a company's privacy policy, yet relatively few report reading and understanding these policies. This report by the Pew Research Center explores the demographic differences in reading privacy policies and provides statistics encapsulating the American opinion of corporate data accountability.

When confronted with an app’s privacy statement, we habitually agree to its terms and give companies legal consent to use our data. Our incurious acceptance of privacy policies is often driven by their lengthy nature.

Big Tech

Explore Microsoft’s commitment to privacy.

Explore the information Google collects and how they use personal information.

Explore the personal data Microsoft collects, how it is used, and why the company shares it.

Explore how Apple collects, uses, and shares your personal data.

Explore what information Facebook collects and how it is used and shared.

Social Media

Explore what data LinkedIn collects, how it is used and shared, and your choices regarding the information.

Explore how Twitter collects, uses, and shares your personal data.

Explore what information Instagram collects, how it is used, and what is shared with others.

Explore the information that Snapchat collects, how it is used, whom it is shared with, and the controls the company gives users to access, update, and delete information.

Explore the information TikTok collects and how it's used.

Retail

This California Consumer Privacy Statement applies solely to California consumers. Tiffany & Co. outlines personal information that may be collected.

Explore the personal information that Tiffany & Co. collects, how the company uses the data, who it is shared with, and the measures taken to protect the information.

Explore the types of information Dick’s Sporting Goods collects, the choices you have surrounding such information, and how personal data is collected, used, shared, updated, and secured.

Communication

Explore the information WhatsApp collects, how it is used, and what personal data is shared.

Explore how Slack collects, uses and discloses information and what choices you have regarding personal data.

Explore the security and end-to-end encryption that Signal uses to provide private messaging, Internet calling, and other services to users.

Internet Service Providers

Explore how T-Mobile collects data, the personal data the company collects, how it is used and shared, how it is protected, and your personal data choices.

Explore the information Verizon collects, how it is used and shared, your choices about uses and sharing, and your rights under certain privacy laws.

Explore the information AT&T collects, and how it is collected, used, and shared.

Credit Cards

Explore the types of personal information Mastercard collects, why it is collected, the other parties with whom the company may share the information, and the measures taken to protect the security of the data.

Explore how Visa collects, uses, and discloses personal information.

Explore how American Express collects, uses, and shares information.

Miscellaneous

Explore how Uber utilizes personal data.

Explore how Lyft collects, uses, and shares your personal information.

Explore how BP America processes your personal information.

Explore what personal information Airbnb collects, how the information is used, and what is shared with others.

Explore the privacy practices that Fitbit implements for their devices, the information collected, how it is utilized, how it is shared, individual rights to control and access personal data, and the measures the company takes to keep data safe.

Explore the privacy implications of using the webpage StudentAid.gov and the myStudentAid app, both of which are operated by the U.S. Department of Education.

Explore the types of information The Walt Disney Company collects, and how it is collected, used, and shared.

Court Cases

Big Tech

Amazon faces another class action lawsuit for allegations of its Alexa device recording users’ conversations without warning or consent.

Microsoft faces a class action lawsuit for allegations of violating the Illinois Biometric Information Privacy Act (BIPA) by collecting facial biometric data of users of its Photos app on Windows 10 and Windows 11.

Apple and Google face lawsuits for allegations of violation of privacy by voice assistants, including Siri and Google.

The 3rd U.S. Circuit Court of Appeals in Philadelphia said it could not tell whether a $5.5 million settlement was fair in Google’s class-action lawsuit and said a lower court judge should revisit the case.

Big Tech and Social Media

Google and YouTube will pay $136 million to the Federal Trade Commission (FTC) and $34 million to New York for violating the Children’s Online Privacy Protection Act (COPPA) Rule after YouTube illegally collected personal information from children without parents’ consent.

Meta turned off some augmented reality (AR) features on Facebook, Instagram, Messenger, Messenger Kids and Portal due to laws regarding privacy and facial recognition in Illinois and Texas.

A $650 million settlement was reached in a privacy lawsuit against Facebook for the company allegedly using photo face-tagging and collecting other biometric data without the permission of its users.

Explore one of the court documents from the Facebook lawsuit resulting in a $650 million settlement.

After a Facebook class-action lawsuit, the company agreed to pay $650 million to end the litigation, allowing about 1.6 million Illinois residents to collect $397 by check or direct deposit. The lawsuit alleged that Facebook violated Illinois residents’ rights by collecting and storing digital face scans without permission. The state’s Biometric Information Privacy Act allows consumers to sue companies for privacy violations involving fingerprints, retina scans, facial geometry and similar data.

Facebook agreed to pay $52 million to thousands of workers who suffered the psychological consequences from reviewing posts depicting acts of suicide, murder, child abuse and other disturbing content.

Facebook violated a 2012 Federal Trade Commission (FTC) order by deceiving users about their ability to control the privacy of their personal information and now has to pay a $5 billion penalty and make changes to increase accountability and transparency about users’ privacy.

Facebook said it would delete more than 1 billion users' facial templates following a settlement of a class action lawsuit in Illinois in which Facebook agreed to pay $650 million for allegedly using face-tagging and other biometric data without the permission of users.

A Facebook lawsuit that settled for $550 million alleged that Facebook broke Illinois’ Biometric Information Privacy Act, which allows people to sue companies that fail to get consent before harvesting users’ data, including through facial and fingerprint scanning.

Social Media

TikTok’s parent company, ByteDance, agreed to pay $92 million as part of a class action lawsuit to settle allegations pertaining to harvesting personal data without consent.

After Twitter failed to tell its users for years that it used their contact information to help marketers target their advertising, the company agreed to pay $150 million in fines.

The Federal Trade Commission (FTC) takes action against Twitter for deceptively using account security data for targeted advertising. The company faces a $150 million penalty and is banned from profiting from the data collected deceptively.

A lawsuit claims that Snapchat violated the Illinois Biometric Information Privacy Act (BIPA) by failing to collect a release from users authorizing the company’s collection of private information as the company stores and shares facial features and voices without providing required disclosures.

Miscellaneous

Shutterfly settled a class action lawsuit for $6.75 million after violating the Illinois Biometric Information Privacy Act (BIPA) by collecting and storing Illinois residents’ biometric data without consent.

Clearview AI, a face surveillance company claiming to have captured more than 10 billion faceprints from people’s online photos, agreed to a new set of restrictions that ensure compliance with the Illinois Biometric Information Privacy Act (BIPA).

The developer of Flo Health, Inc. has settled Federal Trade Commission allegations that the company shared the health information of users with outside data analytics providers after promising that such information would be kept private.

The Federal Trade Commission announced a settlement with Zoom Video Communications, Inc. that will require the company to implement an information security program to settle allegations that the video conferencing provider engaged in a series of deceptive and unfair practices that undermined the security of its users.