The Internet user privacy debate is raging on multiple fronts lately, and some big names in the technology industry are getting in on the action. In the past few weeks, Facebook saw a European privacy group challenge the social media giant’s data use policy, Microsoft lost a battle over its user data stored abroad and Google used email scans to clue police in on a child abuser’s identity. The debate probably won’t end any time soon, either, warned a recent HP study on the mounting susceptibility of data on connected devices.
Facebook faces lawsuit from EU privacy group
The privacy advocacy group Europe vs. Facebook has instigated an international class action lawsuit against Facebook’s Irish subsidiary, Facebook Ireland, in the latest chapter of a years-long legal battle.
The class action suit now has approximately 11,000 participants, Europe vs. Facebook told TechCrunch, and targets a number of Facebook business practices that the group says violate privacy and consent policies under the EU Data Protection Law. The suit accuses Facebook of violations that include enacting a legally invalid data use policy, passing unauthorized user data onto external applications and tracking user activity on external websites via “Like” buttons.
The lawsuit seeks €500 (about $668) in damages per user. “We are only claiming a small amount, as our primary objective is to ensure correct data protection,” said Europe vs. Facebook’s leader Max Schrems, an Austrian lawyer and activist. “However, if many thousands of people participate, we would reach an amount that will have a serious impact on Facebook.”
U.S. judge rejects Microsoft’s protection of overseas data
U.S. Federal Judge Loretta Preska has ruled against Microsoft’s challenge to a search warrant seeking an unidentified user’s emails and records stored in an Ireland data center. Microsoft argued that U.S. prosecutors do not have the authority to seize data stored in Ireland without permission from the local government because U.S. law does not apply there. The company has also argued that emails are a personal form of communication that belongs to the user. “What is at stake is the privacy protection of individuals’ email and the ability of American tech companies to sustain trust around the world,” Bradford L. Smith, Microsoft’s general counsel, told the New York Times.
However, Preet Bharara, U.S. Attorney for the Southern District of New York, argued that Microsoft’s analysis is wrong, and that overseas records must be turned over domestically when a valid subpoena, order or warrant is presented. Judge Preska concurred, declaring that because Microsoft is able to control the information without physically entering Ireland’s sovereignty, it must comply with a warrant for said data. Preska put the ruling on hold while Microsoft files an appeal. Major technology companies, including Apple, Verizon and AT&T, have filed briefs supporting Microsoft’s argument.
Google alerts authorities of child abuse after email scan
Another recent event illuminated Google’s role in policing the Web: After Google allegedly detected explicit images of a young girl in a user’s email, it alerted the National Center for Missing and Exploited Children. The Center then informed Houston police, who arrested and charged 41-year-old convicted sex offender John Henry Skillern with possessing child pornography.
Google works with the Internet Watch Foundation to help identify and remove child abuse images from its search engine and subsequently report them to authorities. The arrest, however, raised email privacy questions. While many know that Google automatically scans its users email accounts to produce targeted ads within Gmail, “Gmail users will certainly be interested to know what action Google proactively takes to monitor and analyze Gmail messages for illegal content,” said Emma Carr, acting director of privacy lobby group Big Brother Watch.
HP study cautions that many common IoT devices at risk
As the Internet of Things (IoT) proliferates, privacy issues will likely spread as well: A recent study conducted by Hewlett-Packard (HP) found that about 80% of IoT devices raise privacy concerns, and about 70% are vulnerable to getting hacked or compromised.
The study tested 10 of the most common smart devices, including TVs, webcams and home thermostats. Each device, the study claims, had approximately 25 vulnerabilities. Many of the study’s findings were related to insufficient password strength and poor data protection: 70% of the devices did not encrypt communications to the Internet and local network; 80% failed to require passwords of adequate length or complexity; 70% used unencrypted network services; and 80% put their users’ data at risk of being intercepted through cloud services.
“While these devices have made life easier, they’ve also created new attack vectors for hackers,” read the report regarding IoT devices. Gartner predicts that there will be 26 billion IoT devices by 2020, which HP warned will open even more avenues for hackers.