When you give your name and address to the Departments of Motor Vehicles in exchange for a driver’s license, many of those DMVs in the USA are selling your personal information to thousands of businesses. Some have made tens of millions of dollars a year selling your data.
When asked how much the Wisconsin DMV made from selling driver records, a spokesperson wrote in an email “Per these 2018 DMV Facts and Figures, $17,140,914 was collected in FY18 for driver abstract fees.” Examining that document shows that Wisconsin’s revenue for selling driver records has shot up dramatically since 2015, when the sale drew in $1.1 million. The Florida Department of Highway Safety and Motor Vehicles made $77 million in 2017 by selling data, a local outlet found.
Documents explicitly note that the purpose of selling this data is to bring in revenue.
But there are both real world privacy and security concerns.
“The selling of personally identifying information to third parties is broadly a privacy issue for all and specifically a safety issue for survivors of abuse, including domestic violence, sexual assault, stalking, and trafficking,” Erica Olsen, director of Safety Net at the National Network to End Domestic Violence, told Motherboard in an email. “For survivors, their safety may depend on their ability to keep this type of information private.”
And, not only is this somehow all legal, there is no obvious way for you to opt out or control who has access to your personal information!
» More from Joseph Cox at Motherboard / Vice…
Honestly, does this surprise anyone?
Facebook has run fast and loose with users’ private data from the beginning.
Hundreds of millions of phone numbers linked to Facebook accounts have been found online.
The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.
But because the server wasn’t protected with a password, anyone could find and access the database.
Each record contained a user’s unique Facebook ID and the phone number listed on the account. A user’s Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account’s username.
Read more by Zack Whittaker at TechCrunch…
Which is petty cash for owner Google/Alphabet
» Read the story by Rachell Lerman and Marcy Gordon of the AP at Time Magazine…
A few days after an Associated Press investigation about Google’s privacy practices was reported, Google has revised its deceptive description on its website to ‘clarify’ it still tracks user location even after they turn off location history setting.
This affects Android powered devices and iPhones loaded with Google software such as Chrome, Google Maps, etc.
An Associated Press report has revealed that several Google services on Android devices and iPhones store your location data even after users set a privacy setting that is meant to stop Google from doing so.
Computer-science researchers at Princeton confirmed AP’s findings.
Storing location data in violation of a user’s preferences is wrong, said Jonathan Mayer, a Princeton computer scientist and former chief technologist for the Federal Communications Commission’s enforcement bureau. A researcher from Mayer’s lab confirmed the AP’s findings on multiple Android devices; the AP conducted its own tests on several iPhones that found the same behavior.
“If you’re going to allow users to turn off something called ‘Location History,’ then all the places where you maintain location history should be turned off,” Mayer said. “That seems like a pretty straightforward position to have.”
Google says it is being perfectly clear.
“There are a number of different ways that Google may use location to improve people’s experience, including: Location History, Web and App Activity, and through device-level Location Services,” a Google spokesperson said in a statement to the AP. “We provide clear descriptions of these tools, and robust controls so people can turn them on or off, and delete their histories at any time.”
When compared to the likes of Facebook, Google, and others, Apple are probably doing a better job. But they could be doing more.
Bloomberg Businessweek (paywall):
Bloomberg News recently reported that for years iPhone app developers have been allowed to store and sell data from users who allow access to their contact lists, which, in addition to phone numbers, may include other people’s photos and home addresses. According to some security experts, the Notes section—where people sometimes list Social Security numbers for their spouses or children or the entry codes for their apartment buildings—is particularly sensitive. In July, Apple added a rule to its contract with app makers banning the storage and sale of such data. It was done with little fanfare, probably because it won’t make much of a difference.
When developers get our information, and that of the acquaintances in our contacts list, it’s theirs to use and move around unseen by Apple. It can be sold to data brokers, shared with political campaigns, or posted on the internet. The new rule forbids that, but Apple does nothing to make it technically difficult for developers to harvest the information.
Genetic testing firms Ancestry and 23andMe pledge to be more upfront about how they share/sell users’ DNA data to business, police, and others – Fortune, Washington Post
After the U.S. Customs and Border Protection updated it’s directives on searches of electronic devices, the Privacy Commissioner of Canada is warning Canadian citizens.
When crossing to the U.S., the privacy commissioner’s guidelines advise that “U.S. border officials have broad inspection powers which can include seeking passwords to your laptop, tablet or mobile phone.” These can be performed as part of a routine inspection, without evidence of any wrong doing, and without a warrant.
The updated U.S. customs directives state officers may only inspect data on the electronic devices and may not search remotely stored data, such as data that is kept in the cloud. These directives include U.S. preclearance sites in Canada.
However, they are free to inspect and copy the device with “reasonable suspicion of illegal activity or if there is a national security concern.” These are the loopholes.