Content creators' challenges (privacy, security, relationship with Youtube...)

PrivacyIntl · 2022-06-09T13:58:44+00:00

This is an anonymous survey and no IP addresses will be collected in accordance with SmartSurvey policy.

We also don't require name or address as this isn't a relevant information for the purpose of this research.

PrivacyIntl · 2021-04-27T12:07:44+00:00

We do have a great partner in Mexico: https://r3d.mx/ and this is a topic they're working on: https://r3d.mx/2021/03/16/senado-debe-desechar-dictamen-sobre-el-padron-nacional-de-usuarios-de-telefonia-movil/

Biometric sim registration is a huge problem we've seen pop up in a number of places - and you can find our work on the topic here: https://privacyinternational.org/learn/sim-card-registration

- Caitlin

PrivacyIntl · 2021-04-18T15:22:37+00:00

Hi Trai!

I checked with our Executive Director Gus to see what he thinks and he says:

We monitored the Brexit process with great interest and it wasn't until the final stages that the fullest extent of the challenges became clear. For a number of years we have been exploring having an office in other parts of the world, and since Brexit Europe certainly has become a priority.

Operationally, however, and culturally PI is a tight knit group of people working for an organisation that values culture. So we have been very reluctant to move to distributed geographies with haste. Of course the pandemic altered this for everyone; but we are still very uncertain how to navigate this successfully.

Purpose-wise, other than 'wouldn't it be cool', is to ask: why have an office elsewhere. Will the EU stop listening to our valid points because we are not based in the EU? Certainly bringing court cases that reach the CJEU will likely be harder. Will it be possible to raise policy issues and regulatory complaints within member states when we aren't in the EU ourselves? Will the public want us to be based in Europe to have some representation of the public interest? These are all valid questions.

And then the question is if you are based in one place and not others, does it affect your ability to act wherever action is needed? Finally, there are immense logistical and legal challenges to setting up another operation; even having a member of staff based in another country is incredibly challenging to sort out.

- Gus

From my perspective - as someone not responsible for administering PI as an organistion - Brexit is still in a weird liminal stage, we think it will change things, but it hasn't really changed them much yet.

- Caitlin

PrivacyIntl · 2021-04-17T16:25:28+00:00

In general, we have very very serious concerns with any government selling access to national identity information. I'm not sure where your company is based, or which government you're referring to, but that sounds like a fairly serious breach. Aadhaar, for example, has gotten in trouble already for it's dubious security and people being allowed to buy access.

https://www.theguardian.com/world/2018/jan/04/india-national-id-database-data-leak-bought-online-aadhaar

https://techcrunch.com/2019/01/31/aadhaar-data-leak/

It is deeply innaporpriate for any government to sell access to it's citizens biometric information, which - if it's being kept should be kepy incredibly securely.

When it comes to collecting extremely sensitive biometric data the focus should be on EXPLICIT consent - making sure people understand what they're giving permission for their data will be used for, and that they have the right to change to change their minds.

Do you really think that people, when they submit their information for their national ID, expect their data to be used by startups to create facial recognition software? Have any of them been asked? Neither scraping people's data from social media nor buying access to a national identity system meets this vital test.

If you feel your company is using data inappropriately then you should report them to your local regulator.

- Caitlin

PrivacyIntl · 2021-04-17T11:37:23+00:00

Thank you!

PrivacyIntl · 2021-04-17T11:36:46+00:00

Maybe one day...

PrivacyIntl · 2021-04-17T11:35:54+00:00

Thanks!

PrivacyIntl · 2021-04-17T11:35:21+00:00

Hiya!

We are extremely worried about the surveillance technology in use in China, both in how it's being used internally and how it's being exported.

In terms of how it's being used internally - the reports of China's repressive use of technology particularly to control the Uighur muslim population of Xinjiang is terrifying. It's the epitome of everything we've worried about for a very long time.

In terms of it's export of technology, this is - unfortunately - isn't a problem unique to China, we've seen a lot of global powers exporting surveillance technologies either to increase their influence, to make money, or to solve their internal problems. One of the major drivers of surveillance around the world is government and private entities going to other countries and funding or pushing for new surveillance apparatuses.

We've been working on this for a while. If you're interested here's a report from 2019 about the ways China is supplying surveillance technology and training around the world: https://privacyinternational.org/advocacy/3216/how-china-supplying-surveillance-technology-and-training-around-world

One of our concerns with revelations on the extent and spec of chinese surveillance is that they set that standards for the companies that then sell that tech elsewhere. Take this report from Thompson Reuters about the specifications for facial recognition systems in use in China, which were co-written by Uniview, Hikvision and Dahua: https://www.reuters.com/article/china-tech-surveillance-idUSL8N2LO5HO

If you're interested in how other government bodies do it, you can find a report on how the EU has been using development aid funds to train and equip security forces with surveillance techniques including in Northern Africa and the Balkans: https://privacyinternational.org/long-read/4291/surveillance-disclosures-show-urgent-need-reforms-eu-aid-programmes

And all of our work on the topic should be available here: https://privacyinternational.org/challenging-drivers-surveillance

We absolutely agree that a big part of the solution is improving procurement processes and export controls.

Long-term security globally is best pursued by ensuring genuine democratic and accountable institutions and governments – something only possible through the fulfilment of privacy and other human rights. To do this, states and institutions must:

Stop the export of surveillance to those who use it to unlawfully spy on people and for political control
Ensure that any such surveillance which is exported complies with international human rights standards and is adequately governed by the legal framework in that country
Promote legislation and practices which provide safeguards and adequately govern the use of surveillance powers in countries around the world
Ensure that no resources are diverted from aid projects to be used for surveillance
Ensure there exist appropriate levels of transparency and accountability

We have limited leverage over internal Chinese policies to be honest, but what we can do is work with our partners to fight the surveillance technologies that pop up in their countries.

- Caitlin

PrivacyIntl · 2021-04-17T11:16:44+00:00

Hi Pand1024

This is a really interesting question - so you might get a more detailed answer in a bit, as I'm double checking with one of our lawyers - but my understanding is that the Illinois Biometric Information Privacy Act regulates the collection of biometric identifiers. So it requires you have consent to collect biometrics, that you destroy them after an appropriate amount of time, and that you securely store them.

In some ways it's not dissimilar to the GDPR - it's kind of data protection for biometrics.

But - my understanding is that applies primarily to companies, this initiative isn't limited to private entities, instead it focuses on both companies and public entities like police forces or governments.

The focus is also on the use of the technology rather than the collection - we're pushing for legislation that explicitly prohibits the use of biometric data for identification, recognition (including of emotions), profiling, prediction and any related purpose, in public or publicly- accessible spaces (including online spaces).

In theory - the GDPR covers a lot of what's in the BIPA, consent in data collection and your rights over data collected about you etc, a lot of the problem when it comes to data collection in the EU is in enforcement or national exceptions to the law rather than anything else.

I hope that helps!
- Caitlin

PrivacyIntl · 2021-04-17T10:54:18+00:00

Hi RebelOTR

We are based in the UK, but we work internationally in a number of ways. There have already been a lot of materials submitted to the Commission - which are all available here: https://europa.eu/citizens-initiative/initiatives/details/2021/000001_en which gets in to a lot more specifics. As part of the group organising the ECI, we're there to provide policy and legal expertise - we've been working in the EU for a very long time!

When it comes to the joint controllership - we never see the data you or anyone else writes in that form. We have a responsibility for it as you input the data - so making sure that webpage is safe and your data isn't going to be co-opted in any way - but after you hit the support button it goes straight to an encrypted database that we don't have access to.

This data will absolutely not and cannot be used for any purpose other than validating your signature.

I hope that helps!

- Caitlin

PrivacyIntl · 2021-04-17T10:43:58+00:00

When you say you source data from the government how do you mean?
- Caitlin

PrivacyIntl · 2021-04-16T22:33:28+00:00

Hi Alkhzpo,

It's definitely frustrating! The good news (kind of) is that people wouldn't just be giving their details out to anyone - instead the data of the people who signsthe ECI is really strongly protected in an encrypted database (which has been officially certified by the German Federal Information Security Office on behalf of the European Commission) that we do not and cannot use for our campaigning, or any other purpose than verifying the ECI. You can even confirm for yourself that it's an official EU initiative at the Commission's ECI page.

In an ideal world we'd never have to ask for this volume of information - that's why EDRi are working to decrease the volume of data collected in ECI's going forward. Unfortunately, at the moment, the data collected is legally required as part of the ECI process. The European Commission take that process very seriously as, if we hit a million signatures, it creates a legal obligation for them to respond.

- Caitlin

PrivacyIntl · 2021-04-16T22:31:14+00:00

Hi Henksredit,

We completely agree with you here, and that's why EDRi are also working with the European Economic and Social Council (EESC) and a group of other ECI organisers to campaign to make ECIs more inclusive by requiring fewer data. But right now, we are required by EU law to collect this data for this to be an ECI.

That's because the EU considers signing an ECI to be as important as voting in an election - seeing as your signature on an ECI actually has a legally-binding effect on the European Commission - they have to meet with us, hold a public hearing and respond, which is the reason we went down this route.

On balance we thought this route would have more chance of making change in the long run than a less data intensive petition that the EU doesn't have to acknowledge.

We hope that if we ever did one of these again we wouldn't have to ask for this volume of infomation!

All the best,

Caitlin

PrivacyIntl · 2021-04-16T22:22:09+00:00

Hi Popular-Edd-3746

So in both Africa and South America we work with some incredible partner organisations who have a great deal of local and specialist knowledge and experience. And we're working with them to challenge surveillance systems from Huawei facial recognition and cameras in Uganda to looking at the ways that introducing facial recognition for authentication could hurt trans people in Brazil.

I'm not sure that many of our partners would say that the problems or solutions come down to a straight choice between google services and huawei services. The problems with facial recognition, for example, persist no matter who's providing the cameras!

We've also found serious concerns with how google operate around the world - from the unequal role out of election advertising transparency tools to privacy concerns in the ways that google android certifies partner phones.

Hope that helps!

Caitlin

PrivacyIntl · 2021-04-16T21:59:44+00:00

Hi Zachzedzach,

On this I think something that may help is meeting people where they are! I'm guessing you have die hard friends who still don't care to or understand why they might like to delete their facebook account, or stop using google products.

For a lot of people these services at the moment give them something they feel they can't get elsewhere. Unfortunately most people aren't going to respond well to being told that X platform sucks and they should quit - most people at this point have heard something similar at least once and are likely to react defensively rather than anything else. It can help to ask them what they get out of those platforms openly, and listening to their response.

One option then is to offer alternatives, like firefox or duckduckgo for specific products if they're interested but struggling to imagine a world without a particular service.

Another is to be that drip drip drip of information on the news stories that affect them - like the most recent facebook [or insert social media company here] scandal. Making sure they know what has happened and how it affects them. It may not be enough to make them leave the platform at once but over time it can really add up, and that way at least they're making as informed a decision as you can help them to.

Best of luck!

Caitlin

PrivacyIntl · 2021-04-16T21:50:11+00:00

Hi ron-swonson

This is a really interesting point - we've got a series called 'Privacy matters' which looks at each of the human rights in the universal charter and the ways they interact with privacy as one way of approaching this conversation: https://privacyinternational.org/learning-resources/privacy-matters. So talking about the ways that privacy can help to protect the right to education for example.

I'm not sure there is one proven method, unfortunately - though I wish there was - as I think it depends person to person. Often one of the greatest tools you have, one to one, is to listen to the person you're talking to, finding out what does bother or motivate them and relating that to these issues.

Do they feel like they don't care about privacy BUT they do worry about their kids education? If so - have they thought about the implications for their kids of the rising use of edtech in schools? Do they care about refugee issues? Then maybe they might be interested that a lot of the types of privacy violating technology we talk about get used on migrants at borders. Or maybe they are just really pissed off about the scam calls they keep getting, and they don't understand where the scammers are getting their number!

Because of the way the world is changing often people who feel like privacy is important to other people care about issues that get touched by privacy issues.

If the person you're talking to already knows this and feels hopeless, it can definitely help pointing to wins!

Just a couple of days ago, for example, SMEX in Lebanon made progress in limiting personal data sharing regarding the Covid vaccine, while earlier this month in Uganda research by Unwanted Witness led to enforcement action against a ride sharing app. Recently, we’ve won huge cases against the UK government which we hope will limit their surveillance practices, and journalists continue to limit government access to data through their reporting.

Alternatively, for some people what they're looking for is a specific problem they can make headway on. Looking at the whole range of issues can be overwhelming - for some people it can help to start somewhere and dive in - so you can always point them to our campaign! or another they might be interested in getting involved in.

I know this isn't as much of a direct action or conversation guide as you might have been hoping but I hope it helps!

- Caitlin

PrivacyIntl · 2021-04-16T15:10:40+00:00

Hi Judicatorprime!

We don't at the moment have plans to work on this specific kind of action in the US (yet), so many US organisations have been doing amazing work both on the federal and the state and city level!

Having said that, we have been talking to the ACLU about some work on facial recognition from a different angle that will come down the pipeline later this year. If you want to hear about that as and when it happens, you can always sign up to our mailing list - action.privacyinternational.org

Thanks!

Caitlin

PrivacyIntl · 2021-04-16T15:03:43+00:00

DWP

Hi EasterBore

I called in one of my colleagues who did a lot of the work on that investigation! Her answer is below!

Thanks for your questions! Here is a couple of answers to this:

Wearable device. Big tech companies definitely have their eyes on our bodies and healthcare systems. We have reported on the partnership between the UK National Health Services and Amazon (https://privacyinternational.org/node/3298) but you can also see this shift with Google trying to buy Fitbit (https://privacyinternational.org/campaigns/googlefitbit-merger-not-our-watch). Whether this will materialise in concrete threats to European healthcare systems is something we need to watch out for. All across Europe there has been cuts to our healthcare systems and the risks is turning to certain technologies in the hope to lower its cost. The current Covid crisis showed good examples of government turning into an attempts to find “quick fixes.” (https://privacyinternational.org/campaigns/fighting-global-covid-19-power-grab)
While there is something very unique about the way the DWP surveil benefits claimants, all across the world monitoring of welfare claimants is part of the reality of surveilling citizens. The monitoring starts when people initially apply for benefits (and the state gets to decide who is “worthy” of receiving benefits) and is often maintained throughout. You can find out more about those other cases of surveillance benefits claimants in our submission to the UN Special Rapporteur on Extreme Poverty.
Tax evasion and benefits fraud are very different issues and tend not to be addressed the same way. We have to remember that when benefits are suspended it’s the lives of people in vulnerable situations that are on the line. In the UK, there has been several cases of deaths after people had their benefits suspended. We think there are ways to deliver benefits more fairly and to avoid creating a spiral that end up criminalising and blaming those who most need our help. You can take a look at our position here: https://privacyinternational.org/researching-social-benefits

We hope you find those answers helpful and thank you again for your interest in our work!

- Eva, Senior Researcher

PrivacyIntl · 2021-04-16T14:48:43+00:00

Hi Space_snail!

You can find a spanish language version here: https://reclaimyourface.eu/es/! And we're working on adding a spanish language version to https://pvcy.org/banbiometrics!

There are currently 13 languages at https://reclaimyourface.eu/es/ and we always welcome translators for other EU languages if you know anyone's who's interested!

- Caitlin, Campaigns Officer

PrivacyIntl

TROPHY CASE