Last week, it was revealed by a sharp-eyed Redditor that the information kiosks at a mall in Calgary, Canada, were full of software designed to track the age and sex of anyone that stopped to use it. Pretty damn greasy. Greasier still, the management company that operates the mall, Cadillac Fairview admitted that the software was in use at a number of its other properties. The greasiest bit out of all of it? They shrugged off privacy concerns raised by a number of news outlets as there’s nothing in Alberta’s laws that keeps them from doing it without permission, or warning mall patrons that it’s being done.

Well, that was last week.

From The CBC:

The privacy commissioners of Alberta and Canada are launching investigations into the use of facial recognition technology, without the public's consent, in at least two malls in Calgary.

A notice posted Friday to the Alberta privacy commissioner website says the investigation will look to determine, "what types of personal information are being collected, whether consent for collection or notice of collection is required or would be recommended, for what purposes personal information is collected, whether the data is being shared with other businesses, law enforcement or third parties, and what safeguards or security measures are in place to protect personal information."

It’s said that Alberta’s privacy commissioner opened the investigation, based on the level of public interest surrounding the issue of whether or not it’s cool for property owners to collect biometric information without a visitor’s knowledge or consent. Read the rest

If you’re from just about anywhere in the world, with the exception of the United States, beginning this week you'll find that visiting Canada will feel a whole lot more invasive. Moving forward, it will be necessary for all foreign nationals to provide Canadian Immigration officials with their fingerprints and photographs, if they're applying for a visitor's visa, work permit, want to attend a Canadian university, or if they wish to apply for a work permit or status as a permanent resident.

From The Daily Hive:

A spokesperson for Immigration, Refugees and Citizenship Canada (IRCC) told Daily Hive that “new regulations will support the expansion of biometric collection to all applicants from Europe, the Middle East and Africa who are applying abroad for a temporary resident visa, work permit, study permit, or permanent residence.”

The spokesperson noted that IRCC currently collects biometrics from “in-Canada refugee claimants, overseas refugee resettlement applicants, individuals ordered removed from Canada, and individuals from 30 foreign nationalities applying for a temporary resident visa, work permit, or study permit.”

Now, here’s the creepy part. Canada will be sharing the data they collect on each person entering the country with the Migration Five/Five Country Conference: The United States, Australia, the United Kingdom and New Zealand. For those keeping track at home, these same nations also comprise the Five Eyes intelligence sharing alliance, which, as Edward Snowden was kind enough to warn us about back in 2013, has been spying on one another’s citizens as a way of circumventing laws that keep Five Eyes member countries from spying on their own people. Read the rest

When I’m in Calgary, there’s a coffee shop that I like to work at, located in the Chinook Centre Mall. It’s part of a local chain that knows how to make a great iced latte. I’m not in often, but they know me. They know my face.

Apparently, they’re not the only ones.

According to the CBC, the management company that tends to Chinook Center Mall, Cadillac Fairview, has been using facial recognition software to track the sex and age of visitors on the down low.

From The CBC:

A visitor to Chinook Centre in south Calgary spotted a browser window that had seemingly accidentally been left open on one of the mall's directories, exposing facial-recognition software that was running in the background of the digital map. They took a photo and posted it to the social networking site Reddit on Tuesday.

The mall's parent company, Cadillac Fairview, said the software, which they began using in June, counts people who use the directory and predicts their approximate age and gender, but does not record or store any photos or video from the directory cameras.

Cadillac Fairview said the software is also used at Market Mall in northwest Calgary, and other malls nationwide. In Alberta, collecting biometric data, so long as no images are recorded and stored, is allowed, without having to let anyone know that you’re doing it.

That’s frigging greasy.

For their part, Cadillac Fairview says that they aren’t required to let visitors to their property know that they’re being profiled, as the software they use, MappedIn, doesn’t store any photos or biometric information. Read the rest

One of the best reasons to buy a piece of Apple hardware, in my opinion, is the company’s history of protecting the privacy of its customers.

Provided you're not a customer living in China.

You may recall that, a while back, iOS users in China lost the ability to download most VPN clients to their phones and tablets from the iTunes App Store—the Chinese government doesn’t like their citizens to be able to anonymously access the Internet or view the world through the lens of unapproved news sources. So, Virtual Private Networks were kicked to the curb. According to 9to5mac, Apple is once again showing the Chinese government their soft underbelly, in the name of being able to continue to sell their hardware in the country.

According to 9to5mac, the Chinese Ministry of Industry and Information Technology has decided that they’d like Callkit—a developer framework that lets devs bake VoIP capabilities into their apps for iOS—to not be a thing for applications available to its citizens. You likely use Callkit-backed apps on a regular basis, without even knowing it. When your iPhone displays you the name or number of who’s calling you on Skype? That’s Callkit, doing it’s thing. The Chinese government doesn’t dig on Callkit because of the fact that it’s difficult, if not impossible to intercept and monitor calls made using it. Last summer, Skype was removed from the Apple’s Chinese App Store portal, likely for this very reason.

Look. Before anyone swoops in to say that I’m anti-Apple I wrote this post on a MacBook. Read the rest

A leaked White House Powerpoint deck published by Axios reveals that some elements in the Trump administration are trying to sell a plan for the US government to build the nation's "5g" wireless infrastructure, hardened against Chinese surveillance and attacks, and then lease access to the private telcoms sector; the network architecture could then be reproduced and given to US allies to help them defend themselves against Chinese attacks. Read the rest

Remember when Internet Person JWZ began to append sarcastic messages to the "This building monitored by CCTV" sign that appeared without warning in his lobby ("FEAR THE UNKNOWN - MONSTERS ARE REAL" "DON'T SUSPECT YOUR NEIGHBOR: REPORT HIM!" "DRONE STRIKES AUTHORIZED 7PM - 5AM")? Eventually he got bored of it, but he's brought it back this Xmas, in Christmas Bauble form. Read the rest

The default behavior of hotword, a new, black-box module in Chrome (and its free/open cousin, Chromium) causes it to silently switch on your computer's microphone and send whatever it hears to Google. Read the rest

If you own a Vizio TV that's updated recently, beware: its firmware adds "Smart Interactivity," a cute name for spyware that records your viewing choices and inserts additional "bonus features" (ads) into your viewing. Read the rest

Lenovo's disgraceful use of Superfish to compromise its users' security is just the tip of the iceberg: everywhere we look, companies have decided that it's a good idea to sneakily subvert their users' encryption. Read the rest

Madeline Ashby writes, "I wrote this column about Canada's Bill C-51, which would allow Canada's spy agency CSIS to detain people for simply 'promoting' terrorism, promises it can wipe terrorist content from the Internet, expands no-fly lists, and is basically a piece of Patriot Act fanfic. I thought you guys might like to know that years after Bush left office, his fans are trying to keep the tradition alive." Read the rest

The Bureau is seeking a rule-change from the Administrative Office of the US Courts that would give it the power to distribute malware, hack, and trick any computer, anywhere in the world, in the course of investigations; it's the biggest expansion of FBI spying power in its history and they're hoping to grab it without an act of Congress or any public scrutiny or debate. Read the rest

Surveillance requests for "postal metadata" climbed 600% in recent years, often undertaken with badly formed or expired warrants. Read the rest

I reviewed it when it was released in August 2013, calling it "brisk, eminently readable, and important history of the relationship between law, law enforcement, and the net, and as you'd expect, it's excellent" ($13 for the paperback) Read the rest

Apple has announced that it will spoof the MAC addresses emitted by its wireless devices as an anti-tracking measure, a change that, while welcome, is "an umbrella in a hurricane" according to a good technical explainer by the Electronic Frontier Foundation's Jeremy Gillula and Seth Schoen. Read the rest

Last week, I wrote about danah boyd's analysis of the White House's Big Data report [PDF]. Now, the Electronic Frontier Foundation has added its analysis to the discussion. EFF finds much to like about the report, but raises two very important points:

* The report assumes that you won't be able to opt out of leaving behind personal information and implicitly dismisses the value of privacy tools like ad blockers, Do Not Track, Tor, etc

* The report is strangely silent on the relationship between Big Data and mass surveillance, except to the extent that it equates whistleblowers like Chelsea Manning and Edward Snowden with the Fort Hood shooter, lumping them all in as "internal threats" Read the rest

Recently I saw a movie on the life and death of Aaron Swartz, who is nowadays often called a martyr for the freedom of the Internet.

People, nations and governments like martyrs. They love them, they need them. Martyrs are part of our bipolar, black and white society constructed from good and bad guys, who always do good and bad deeds. Martyrs are those who have escaped our human condition, of being judged by people as people. Martyrs are beyond judgement, they become the scapegoats for our biggest failures, for the banality of evil, as Hannah Arendt phrased it. Read the rest

Australian Simon Gittany murdered his girlfriend, Lisa Harnum, after an abusive relationship that involved his surveillance of her electronic communications using off-the-shelf spyware marketed for purposes ranging from keeping your kids safe to spotting dishonest employees. As Rachel Olding writes in The Age, surveillance technology is increasingly a factor in domestic violence, offering abusive partners new, thoroughgoing ways of invading their spouses' privacy and controlling them.

The spyware industry relies upon computers -- laptops, mobile devices, and soon, cars and TVs and thermostats -- being insecure. In this, it has the same goals as the NSA and GCHQ, whose BULLRUN/EDGEHILL program sought to weaken the security of widely used operating systems, algorithms and programs. Every weakness created at taxpayer expense was a weakness that spyware vendors could exploit for their products.

Likewise, the entertainment industry wants devices that are capable of running code that users can't terminate or inspect, so that they can stop you from killing the programs that stop you from saving Netflix streams, running unapproved apps, or hooking unapproved devices to your cable box.

And Ratters, the creeps who hijack peoples' webcams in order to spy on them and blackmail them into sexual performances, also want computers that can run code that users can't stop. And so do identity thieves, who want to run keyloggers on your computer to get your banking passwords. And so do cops, who want new powers to insert malware into criminals' computers.

There are a lot of ways to slice the political spectrum -- left/right, authoritarian/anti-authoritarian, centralist/decentralist. Read the rest