Content Type: Examples
In 2015, researchers at Harvard University found vulnerabilities in the anonymisation procedures used for health care data in South Korea that enabled them to de-anonymise patients with a 100% success rate and to decrypt the Resident Registration Numbers included with prescription data relating to deceased South Koreans. The unique 13-digit codes enabled full reidentification. In the UK, medical information held on the NHS Personal Demographics Service is identified by the patient's ten-…
Content Type: Examples
In 2015, Chinese hackers stole sensitive information including social security numbers and residency, employment, educational, and medical histories concerning more than 21 million people from the US Office of Personnel Management. OPM houses this information about all federal employees along with others such as their spouses and co-habitants. The breach affected anyone who had undergone a background check as long previously as 2000. Also stolen were the user names and passwords used to fill out…
Content Type: Examples
In 2016, Danish researchers Emil Kirkegaard and Julius Daugbjerg Bjerrekær released a dataset onto the Open Science Framework that included details of almost 70,000 users of the online dating site OkCupid. The researchers created the dataset themselves by using software to scrape information from OkCupid's site including user names (though not real names), ages, gender, religion, and personality traits, along with the answers to the questions the site asks new users in order to help identify…
Content Type: Examples
In 2015, the DNA testing company 23andMe revealed it had sold access to the DNA information it had collected from the 1.2 million people who had paid for genetic testing to more than 13 drug companies. One of these was Genentech, which paid $10 million to look at the genes of people with Parkinson's Disease. At that point, 23andMe had the world's largest database that combined DNA samples with extensive, voluntarily-submitted personal and health information, connections that are valuable to…
Content Type: Examples
In 2016, Nguyen Phong Hoang, a security researcher in Kyoto, Japan, demonstrated that the location of users of gay dating apps such as Grindr, Hornet, and Jack'd can be pinpointed even when they have turned on features intended to obscure it - a dangerous problem for those who have not come out publicly as LGBT or who live in a hostile location. The technique is known as trilateration and relies on the fact that these apps display images of nearby users in order of proximity. That ordering…
Content Type: Examples
In March 2016, a hacker group identifying itself as Anonymous Philippines defaced the website of the Philippine Commission on the Elections (Comelec), leaving a message that accused Comelec of not doing enough to secure the voting machines due to be used in the general election the following month. That same day, LulzSec Pilipinas, a different but related hacker group, posted online a link to a 338GB database it claimed was the entire electoral register of 54.36 million Filipinos. Trend Micro…
Content Type: Examples
A new generation of technology has given local law enforcement officers in some parts of the US unprecedented power to peer into the lives of citizens. In Fresno, California, the police department's $600,000 Real Time Crime Center is providing a model for other such centres that have opened in New York, Houston, and Seattle over the decade between 2006 and 2016. The group of technologies used in these centres includes ShotSpotter, which uses microphones around the city to triangulate the…
Content Type: Examples
In 2016, Jose Carlos Norte, the Spanish chief technology officer at Telefonica subsidiary EyeOS, used the scanning software Shodan to find thousands of publicly exposed telematics gateway units. TGUs are small radio-enabled devices that are attached to industrial vehicles so their owners can track their location, petrol usage, and other parameters. At least one of these TGUs, made by the French company Mobile Devices, had no password protection. Norte was able to look up the location of…
Content Type: Examples
A 2015 study carried out in Rwanda and published in the journal Science used mobile phone records to study the distribution of wealth and poverty in an attempt to fill in the gap left by the difficulty of collecting accurate statistics. A rough idea of geographic location was derived from anonymised data on billions of interactions such as when calls were made and received, when text messages were sent and which cell towers they were routed through. Combined with responses from about 850…
Content Type: Examples
Automated systems such as the personality test developed by Massachusetts-based workforce management company Kronos are increasingly used by large companies to screen job applicants. To avoid falling foul of regulations prohibiting discrimination against those with mental illness, often the questions are phrased in intricate ways that are harder to game - but also harder to answer without self-incrimination. It's estimated that as many as 72% of CVs are never seen by human eyes; instead, they…
Content Type: Examples
As speech recognition and language-processing software continue to improve, the potential exists for digital personal assistants - Apple's Siri, Amazon's Alexa, and Google Assistant - to amass deeper profiles of customers than has ever been possible before. A new level of competition arrived in 2016, when Google launched its Home wireless speaker into a market that already included the Amazon Echo, launched in 2014. It remained unclear how much people would use these assistants and how these…
Content Type: Examples
The price of using voice search is that Google records many of the conversations that take place in their presence. Users wishing to understand what Google has captured can do so by accessing the portal the company introduced in 2015. Their personal history pages on the site include both a page showing activity on the web and a separate specific audio page that lists the captured recordings. The information made available there includes when, how, and by what device or app the sound was recorded…
Content Type: Examples
In 2015, a small number of Silicon Valley start-ups began experimenting with assessing prospective borrowers in developing countries such as Kenya by inspecting their smartphones. Doing so, they claimed, enabled them to charge less in interest than more traditional microlenders, since many of their target customers lack traditional credit ratings. The amount of data on phones - GPS coordinates, texts, emails, app data, and more obscure details such as how often the user recharges the battery,…
Content Type: Examples
In the past, car insurers relied on drivers to report their annual mileage when renewing their policies. Increasingly, however, insurers are turning to other methods. In 2016, State Farm, a US insurance company, acknowledged that the company verifies the mileage driven by the cars it insures in a variety of ways: directly from customer reports; from monitoring devices plugged into their cars; and in some cases from third-party vendors. These third-party vendors may include car dealers and also…
Content Type: Examples
In 2015, Ant Financial, a Chinese company affiliated with Alibaba, began deploying "Sesame Credit scores". Ant, which also runs the popular payment app Alipay, claims that it uses both online and offline purchasing and spending habits to calculate a credit worthiness score for each of its more than 350 million users. Users who meet various thresholds qualify for bonuses such as small loans or waivers on deposits. Almost as soon as the system went live, users of popular social media apps such as…
Content Type: Examples
In 2016 researchers in China claimed an experimental algorithm could correctly identify criminals based on images of their faces 89% of the time. The research involved training an algorithm on 90% of a dataset of 1,856 photos of Chinese males between 18 and 55 with no facial hair or markings. Among them were 730 ID pictures of convicted criminals or suspects wanted by the Ministry of Public Security. However, criminology experts warned that the results may merely reflect bias in the criminal…
Content Type: Examples
In 2016 researchers at the University of Texas at Austin and Cornell University demonstrated that a neural network trained on image datasets can successfully identify faces and objects that have been blurred, pixellated, or obscured by the P3 privacy system. In some cases, the algorithm performed more consistently than humans.
https://www.schneier.com/blog/archives/2016/09/using_neural_ne.html
Writer: Bruce Schneier
Publication: Schneier on Security
Content Type: Examples
In 2015, Facebook's AI lab announced that its researchers had devised an experimental algorithm that could recognise people in photographs even when their faces are hidden or turned away. The researchers trained a sophisticated neural network on a dataset of 40,000 photographs taken from Flickr, some full-face and others facing away, and were able to reach 83% accuracy. The company hopes an algorithm like this one could help apps like Facebook's then-new Moments sort photos into groups. …
Content Type: Examples
In 2016, Facebook gave conflicting accounts of whether the service uses location data in order to recommend prospective Friends in its "People You May Know" feature. When the company first admitted - for publication - that location data was indeed one of the signals it used, many users felt this explained some of the PYMK recommendations they were seeing, and experts pointed out the similarity to the NSA's techniques exposed in 2013 by the Snowden revelations. A few days later,…
Content Type: Examples
In September 2016, the US Federal Trade Commission hosted a workshop to study the impact of big data analysis on poor people, whose efforts to escape poverty may be hindered by the extensive amounts of data being gathered about them. Among those who intensively surveil low-income communities are police, public benefits programmes, child welfare systems, and monitoring programmes for domestic abuse offenders. Some areas require applicants for food stamps and other public benefits to undergo…
Content Type: Examples
In 2016, Facebook and Google began introducing ways to measure the effectiveness of online ads by linking them to offline sales and in-store visits. Facebook's measurement tools are intended to allow stores to see how many people visit in person after seeing a Facebook campaign, and the company offered real-time updates and ad optimisation. Facebook noted that information will only be collected from people who have turned on location services on their phones. The company also offered an Offline…
Content Type: Examples
In 2016, researchers affiliated with Verto Analytics and the Qatar Computing Research Institute published work in which they analysed the app usage and demographics of more than 3,700 people in order to find correlations. Based on the models they developed, they found they could predict a user's gender, age, marital status, and income with between 61% and 82% accuracy.
https://www.washingtonpost.com/news/the-intersect/wp/2016/03/03/quiz-can-we-guess-your-age-and-income-based-solely-on-…
Content Type: Examples
In 2016, supporters of Ted Cruz and Rand Paul for president were surprised to begin getting emails from the Trump campaign soon after their candidates dropped out of the race for the Republican nomination. In an investigation, CNNMoney found that nearly every failed 2016 presidential candidate sold, rented, or loaned their supporters' email addresses to other candidates, marketers, charities, and private companies. From analysing thousands of emails and Federal Election Commission records,…
Content Type: Examples
In 2016, Verbraucherzentrale NRW, a consumer protection organisation in the German state of North Rhine-Westphalia, accused Samsung of harvesting data and sending it back to the company over the internet without informing users as soon as its smart televisions are connected to the internet. The complaint specifies the model UE40H6270. The group wants Samsung to default to an anonymous setting rather than transmit information including the show being watched, the time and date, and the user's IP…
Content Type: Examples
In 2016, VICE News discovered that the confidential and "shadowy" World-Check database, which has wrongly linked individuals to terrorist activity, was being widely used by British police and intelligence. The Charity Commission is also a customer, using it to screen charities and aid beneficiaries. Owned by Thomson Reuters, World-Check profiles individuals using "open-source" information to uncover their "hidden risk" for government agencies and banks and is part of a rapidly growing by…
Content Type: Examples
In 2016, the US's third-largest property and casualty insurer, Liberty Mutual, announced it would partner with Subaru to enable drivers who have bought Subaru's Starlink infotainment system to download a car app that will notify them if they are accelerating too aggressively or braking too hard. The insurer's RightTrack programme, which began in 2012 and of which the app is a part, gives drivers a 5% discount for enrolling and further discounts of up to 30% for following the app's instructions…
Content Type: Examples
In 2017 two Metropolitan police officers were jailed for five years for hacking into the force's intelligence database and leaking the identity of a protected witness to the defence lawyer in a 2011 murder trial that eventually saw the defendant, Leon De St Aubin, convicted. While the trial was in progress, St Aubin's girlfriend, Lydia Laura, got a job as a civilian custody officer at Hammersmith police station without disclosing her relationship. In return for sexual favours, police…
Content Type: Examples
In a 2017 study of patterns of postings on Chinese social media, three Harvard researchers disagreed with the widespread claim that the government's strategy is to post "50c party" posts that argue for the government's side in policy and political debates. Instead, the researchers estimated that the Chinese government fabricates as many as 448 million social media comments a year but found that these avoid controversial issues and arguments with government skeptics. Instead, the researchers…
Content Type: Examples
In early 2016 Libreville, the capital of Gabon, signed up for Microsoft's CityNext programme, which is intended to supply innovative "smart city" solutions in eight key areas: health, social services, infrastructure, water, electricity, justice, culture, and education. Applications in each area will allow the city to manage traffic and urban transport, govern and collect taxes, and provide citizens with electronic access to health, citizen, police, and emergency services, as well as make it…
Content Type: Examples
In 2016 Jonathan Evans, the former head of Britain's MI5, warned that private firms are analysing "open source" - that is, publicly posted - information to create profiles that are just as intrusive as anything Britain's intelligence agencies deploy and that the gap is closing between open information and secret intelligence. Evans suggested that, compared to telephone companies and banks, giant internet firms were failing in their "moral duty" to protect their users. He drew the line at…