Connect with us

Technology

Canadians up in arms: Privacy without consent and the dangerous precedent

Avatar

Published

on

Canada data concept, DepositPhotos
Share this:

It’s the news that has taken Canada by storm of late, on Twitter, in the headlines, and in today’s parliamentary debate: Statistics Canada, Canada’s agency which issues statistical research on the state of Canada, its population, the economy and culture, unwittingly walked into the spotlight when Global News revealed the agency had asked TransUnion, a credit bureau that amasses credit information for many financial institutions to provide financial transactions and credit histories on approximately 500,000 Canadians, without their individual prior consent. The Liberal government has endorsed this move.

During the parliamentary debate, Conservative opposition Gérard Deltell declared,

If the state has no business in people’s bedrooms, the state has no business in their bank accounts either. There is no place for this kind of intrusion in Canada. Why are the Liberals defending the [Statistics Canada] indefensible? 

The data being demanded, according to Global News, consists of private information including name, address, date of birth, SIN, account balances, debit and credit transactions, mortgage payments, e-transfers, overdue amounts, and biggest debts on 15 years worth of data. Equifax, the other credit reporting agency that supports financial institutions in Canada has not been asked to provide data.

Francois-Philippe Champagne, Minister of Infrastructure and Communities was vague in his response. While he affirms StatsCanada’s upstanding practices in anonymizing and protecting personal data, he also admitted proper consent was not received,

StatsCan is going above the law and is asking banks to notify clients of this use. Stats Canada is on their side… We know data is a good place to start to make policy decisions in this country, and we will treat the information in accordance with the law. They can trust Statistics Canada to do the right thing.

Statistics Canada and the Liberal government failed to disclose the explicit use of this information, however,

By law, the agency can ask for any information it wants from any source.

I posed this question to former 3-term Privacy Commissioner, Ann Cavoukian, who currently leads the Privacy by Design Practice at Ryerson University, Toronto:

Ann Cavoukian Twitter

Ann Cavoukian Twitter

What’s troubling is that while the opposition cried foul, lashing out accusations of authoritarianism and surveillance, the latter outcome is not implausible.

According to Personal Information Protection and Electronic Documents Act (PIPEDA) Guidelines to Obtain Meaningful Consent, these are the main exceptions

  • if the collection and use are clearly in the interests of the individual and consent cannot be obtained in a timely manner;
  • if the collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province;
  • if disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records;
  • if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;
  • if the disclosure is made to another organization and is reasonable for the purposes of detecting or suppressing fraud or of preventing fraud that is likely to be committed and it is reasonable to expect that the disclosure with the knowledge or consent of the individual would compromise the ability to prevent, detect or suppress the fraud;
  • if required by law.

For Statistics Canada, its broad legal reach is enough for the agency to circumvent explicit disclosure of data use and permission. This alone sets a dangerous precedent that wrestles with current European GDPR mandates, which will be referenced in the updated PIPEDA Act, at a time yet to be determined.

However, this privilege will not make StatsCanada immune to data breaches, but in fact, will make it a stronger target for data hackers. According to the Breach Level Index, since 2013 there have been 13+ billion records lost or stolen, with an average of 6.3+ million lost on a daily basis. The increasing centralization of data makes this more likely. For Statistics Canada, which has been collecting tax filings, census data, location, household, demographic, usage, health and economic data, it is increasingly amassing its data online. According to National Newswatch, the dwindling survey completions and costly census programs have necessitated a move to compile information from other organizations such as financial institutions, which come at more reasonable costs and better data quality.

If this is the catalyst to aggregate compiled information, with the goal of record linking, it will unearth significant privacy alarms in the process. For StatsCanada, which has received significant government support because of the critical information it lends to policy decisions, there are looming dangers of being the purveyor of every Canadian’s private information, beyond data breach vulnerabilities.

Anonymized Data Doesn’t Mean Anonymous Forever

I spoke to Alejandro Saucedo, the Chief Scientist at The Institute for Ethical AI & Machine Learning, a UK-based research center that develops industry standards and frameworks for responsible machine learning development and asked him to weigh in on this issue:

Canadians are rightly worried. It concerns me that StatsCanada is suggesting that just discarding names and addresses would be enough to anonymize the data. Not to point out the obvious, but data re-identification is actually a big problem. There have been countless cases where anonymized datasets have been reverse engineered, let alone datasets as rich as this one. 

Re-identification is used to reverse-engineer the anonymity data state and uses alternative data sources to link information to identity. Using publicly available data, easily found in today’s BigData environment, coupled with the speed of advanced algorithms, Saucedo points to successful attempts of re-identification: reverse engineering credit card data, or when this engineer was able to create a complete NYC taxis data dump of 173 million trips and fare logs by decoding the cryptographically secure hashing function that anonymized the medallion and taxi number.

Ethical hacks are not new to banking or any company that collects and manages significant data volumes. These are intentional hacks propagated internally and intentionally by corporations against their existing infrastructure to ensure mitigation of vulnerabilities on-premise and online. This practice ensures the organization is up to par with the latest methods for encryption and security as well as current breach mechanisms. As Saucedo points out:

Even if StatsCanada didn’t get access to people’s names (e.g. requested the data previously aggregated), it concerns me that there is no mention of more advanced methods for anonymization. Differential Privacy, for example, is a technique that adds statistical noise to the entire dataset, protecting users whilst still allowing for high-level analysis. Some tech companies have been exploring different techniques to improve privacy – governments should have a much more active role in this space.

Both Apple and Uber are incorporating Differential Privacy. The goal is to mine and analyze usage patterns without compromising individual privacy. Since the behavioral patterns are more meaningful to the analysis, a “mathematical noise” is added to conceal identity. This is important as more data is collected to establish these patterns. This is not a perfect methodology but for Apple and Uber, they are making momentous strides in ensuring individual privacy is the backbone of their data collection practices

Legislation Needs to be Synchronous with Technology

GDPR is nascent. Its laws will evolve as technology surfaces other invasive harms. Government is lagging behind technology. Any legislation that does not enforce fines for significant breaches in the case of Google Plus, Facebook or Equifax will certainly ensure business and government maintain the status quo.

Challenges of communicating the new order of data ownership will continue to be an uphill battle in the foreseeable future. Systems, standards and significant investment into transforming policy and structure will take time. For Statistics Canada and the Canadian government, creating frameworks that give individuals unequivocal control of their data require education, training, and widespread awareness. Saucedo concedes,

 A lot of great thinkers are pushing for this, but for this to work we need the legal and technological infrastructure to support it. Given the conflict of interest that the private sector often may face in this area, this is something that the public sector will have to push. I do have to give huge credit to the European Union for taking the first step with GDPR – although far from perfect, it is still a step in the right direction for privacy protection.

 (Update) As of Friday, November 1, 2018, this Petition E-192 (Privacy and Data Protection) was put forward to the House of Commons calling for the revocation of this initiative. 21,000 signatures have been collected to date. Canadians interested in adding their names to this petition can do so.
Petition to the House of Commons
Whereas:
  • The government plans to allow Statistics Canada to gather transactional level personal banking information of 500,000 Canadians without their knowledge or consent;
  • Canadians’ personal financial and banking information belongs to them, not to the government;
  • Canadians have a right to privacy and to know and consent to when their financial and banking information is being accessed and for what purpose;
  • Media reports highlight that this banking information is being collected for the purposes of developing “a new institutional personal information bank”; and
  • This is a gross intrusion into Canadians’ personal and private lives.
We, the undersigned, Citizens and Residents of Canada, call upon the Government of Canada to immediately cancel this initiative which amounts of a gross invasion of privacy and ensure such requests for personal data never happen again.

This post first appeared on Forbes.

Share this:

Technology

Robot delivery: Bots will be bringing parcels to your home

Avatar

Published

on

Digit
Share this:

Ford, FedEx and Amazon are each at an advanced stage with autonomous robot delivery vehicles, designed to bring packages to the doors of businesses and homes. Several successful pilots have been completed.

Each robot looks different but the objective is similar — getting a package to a customer using an autonomous machine. The aim of these new robot delivery tools is to boost efficiency and eliminate the need to pay people to carry out the final part of the delivery process.

Ford / Agility Robotics

Ford, more commonly associated with cars and trucks, is partnering with legged locomotion specialist Agility Robotics to assess how self-driving car deliveries can be improved. The project objective is to ensure self-driving vehicles can accomplish something that’s been very difficult to accomplish: carrying out the last step of the delivery, from the car to the recipient’s front door.

The two companies hope the answer is a two-legged robot called “Digit”.

Digit has been designed to approximate the look and walk of a human. The robot is constructed from lightweight material and it is capable of lifting packages that weigh up to 40 pounds. In tests, Digit has been shown to be capable of going up and down stairs and to negotiate uneven terrain, thanks to the use of LiDAR and stereo cameras.

FedEx

The courier delivery services company FedEx is developing an autonomous delivery robot designed to assist retailers make same-day and last-mile deliveries to their customers. The device is called the FedEx SameDay Bot, and the aim is to deliver packages by bot directly to customers’ homes or businesses the same day. The device has been developed in collaboration with DEKA Development & Research Corp., run by Dean Kamen, the inventor of the Segway.

The FedEx device is the most adventurous of the three, in that it will cross roads and is destined to cover longer distances. The interaction with roads is supported by machine-learning algorithms to help the robot to detect and avoid obstacles, plot a safe path, and to follow road and safety rules.

Amazon Scout

Amazon’s autonomous delivery robots are about to begin rolling out on California sidewalks. Amazon Scout will begin with delivering packages to the company’s Prime customers residing in Southern California. The new Amazon device will work during daylight hours, providing small and medium-sized packages to customers. The Amazon Scout is a six-wheeled electric-powered vehicle around the size of a small cooler. In terms of movement, the Scout rolls along sidewalks at what’s described as a walking pace.

Amazon began testing out the Scout in January 2019, running a pilot program using six machines to deliver packages in Snohomish County, Washington. Vice president of Amazon Scout Sean Scott said: “We developed Amazon Scout at our research and development lab in Seattle, ensuring the devices can safely and efficiently navigate around pets, pedestrians and anything else in their path.”

Following the success of the pilot — where the Scout autonomously navigated the various obstacles commonly found in residential neighborhoods like trashcans, skateboards, lawn chairs, the occasional snow blower and more — the device is ready for a wider launch.

The wider launch will feature a small number of Amazon Scout devices, delivering Monday through Friday, during daylight hours in the Irvine area of California, according to Smart2Zero. Customers will order items as they would normally, but in some cases their Amazon packages will be delivered by an Amazon Scout. To make sure things go smoothly, each Scout will initially be accompanied by a human “Amazon Scout Ambassador.”

Share this:
Continue Reading

Technology

Amazon adds fear detection and age ranges to its facial-recognition tech as the Border Patrol looks to award a $950 million contract

Business Insider

Published

on

border
Share this:
  • Amazon Web Services has added several new features to its facial-recognition technology, Rekognition.
  • This includes expanded age-recognition capabilities and the new ability to recognize fear.
  • Rekognition is a controversial technology and has been the subject of much criticism and protests — from both inside and outside Amazon.
  • These new features drew some flack from commenters on Twitter.
  • Meanwhile, the US Customers and Border Patrol is looking for quotes on a sweeping new border protection system that includes more facial-recognition tech.

Amazon Web Services has expanded the capabilities of its controversial facial-recognition technology called Rekognition.

It now better detects more age ranges and it can also detect fear, the company announced in a blog post on Monday.

The company explained (emphasis ours):

“Today, we are launching accuracy and functionality improvements to our face analysis features. Face analysis generates metadata about detected faces in the form of gender, age range, emotions, attributes such as ‘Smile’, face pose, face image quality and face landmarks. With this release, we have further improved the accuracy of gender identification. In addition, we have improved accuracy for emotion detection (for all 7 emotions: ‘Happy’, ‘Sad’, ‘Angry’, ‘Surprised’, ‘Disgusted’, ‘Calm’ and ‘Confused’) and added a new emotion: ‘Fear’.Lastly, we have improved age range estimation accuracy; you also get narrower age ranges across most age groups.”

Earlier this month AWS also announced that Rekognition can now detect violent content such as blood, wounds, weapons, self-injury, corpses, as well as sexually explicit content.

But it was the news of more age ranges and fear detection that was met with comments on Twitter.

Just last month several protesters interrupted Amazon AWS CTO Werner Vogels during a keynote speech at an AWS conference in New York.

They were protesting AWS’s work with the U.S. Immigration and Customs Enforcement (ICE) and the family separation policy at the Southern Border. Amazon hasn’t acknowledged whether ICE uses its Rekognition technology, but the company did meet with ICE officials to pitch its facial-recognition tech, among other AWS services, as revealed by emails between Amazon and various government officials obtained by the American Civil Liberties Union Foundations.

Amazon’s Rekognition has come under fire from a wide range of groups who want the company to stop selling it to law enforcement agencies. In April, AI experts penned an open letter to Amazon about it. Civil rights group have protested it. 100 Amazon employees sent a letter to management last year asking the company to stop selling Rekognition to law enforcement. Another 500 signed a letter this year asking Amazon to stop working with ICE altogether.

“AWS comes under fire for Rekognition sales to the federal government, who in turn is building concentration camps for children, and AWS’s response is to improve ‘age range estimation’ and ‘fear detection’ in the service? Are you f– KIDDING ME?!” tweeted Corey Quinn from the Duckbill Group, a consultant that helps companies manage their AWS bill. Quinn also hosts theScreaming in the Cloud podcast.

Another developer tweeted, “In 25 years we’re going to be talking about how AWS handled this situation in the same way we talk about how IBM enabled the holocaust. Every engineer and ML researcher who worked on this should be ashamed of themselves.”

The CBP is looking to buy more facial-recognition tech

Meanwhile, the U.S. Customs and Border Protection (CBP), a sister agency to ICE, has put out a new request for quotes on a sweeping new border-security system that includes expanded use of facial-recognition technology.

“Integration of facial recognition technologies is intended throughout all passenger applications,” the RFQ documents say.

The CBP already uses facial recognition at various airports, such as in Mexico City, where it matches passenger’s faces with photos taken from their passports or other government documents, it says.

And the CBP uses other biometric information, such as taking fingerprints of people at the border if it suspects that they are entering the country illegally, it says.

“CBP’s future vision for biometric exit is to build the technology nationwide using cloud computing,” the agency wrote in a 2017 article about the use of facial recognition and finger-print tech.

This new contract for new border security technologies is expected to begin in early 2020 and could be worth $950 million over its lifespan, according to the RFQ documents.

This article was originally published on Business Insider. Copyright 2019.

Share this:
Continue Reading

Technology

IBM launches ‘Trust Your Supplier’ blockchain initiative

Avatar

Published

on

Blockchain
Share this:

IBM and Chainyard have announced a new blockchain network called Trust Your Supplier, which is a blockchain-based platform that simplifies supply chain management and improves supplier qualification, validation, onboarding and life cycle information management.

IBM sees the new blockchain-based network as critical to the continued growth and advancement of the global supply chain industry. The technology provides a digital passport for supplier identity on the blockchain. This will enable suppliers to share information with any permissioned buyer on the network to make qualifying, validating and managing new suppliers easier and less time-consuming.

The Trust Your Supplier platform is being pioneered by several leading companies, such as Anheuser-Busch InBev, GlaxoSmithKline, Lenovo, Nokia, Schneider Electric and Vodafone. Each of these founding participants is in the process of onboarding their suppliers. These are leading companies across industries like technology, telecommunications, pharmaceuticals and food and beverage.

By eliminating manual, time-consuming processes, the Trust Your Supplier technology aims to help reduce the risk of fraud and errors by establishing a connected environment among global suppliers. With more than 18,500 global suppliers, IBM itself will begin using and onboarding 4,000 of its North American suppliers to the Trust Your Supplier network. This is expected to be completed during quarter 3 of 2019.

Convening a network of leading companies with shared challenges and goals, Trust Your Supplier has been designed to assist companies working across multiple industries to design and implement more efficient processes to solve a common problem in relation to the supply chain.

Representing one of the first companies to take up the service, Sanjay Mehta, Vice President Procurement, Nokia, states: “Working with IBM and Chainyard on this blockchain initiative represents a great opportunity for Nokia to further enhance our suppliers’ experience and optimize the onboarding process (process of integrating a new supplier into an organization’s network). Using the latest technology to address a classical challenge will be of benefit for everyone, and further increase the speed of using innovative solutions.”

Share this:
Continue Reading

Featured