Americans are horrified by DHS plan to track immigrants on social media

Starting October 18th, the Department of Homeland Security will collect and store “social-media handles, aliases, associated identifiable information and search results” in the permanent files of all immigrants. This will include new immigrants, in addition to permanent residents and naturalized citizens.

There are around 43 million foreign-born people living in the US right now. And even if you don’t personally know someone who’ll be made into a terrifying dossier for Trump’s anti-immigrant foot soldiers, you’ll most certainly show up in those millions of files somewhere as a “like” or other piece of tangential social metadata.

USA-IMMIGRATION/WALL

People who have commented on the act are comparing it to round-up lists and internment-camp dossier-building. Considering the Trump administration’s plans for using data to hunt immigrants at our borders, those commenters might not be too far off. And what they don’t know is that non-immigrants are going to be collateral damage.

The “Modified Privacy Act System of Records” will also include: “publicly available information obtained from the internet, public records, public institutions, interviewees, commercial data providers and information obtained and disclosed pursuant to information sharing agreements.” Commercial data suppliers are companies like Equifax, and “people search” vendors like Intelius and Axicom.

That “people search” websites are involved in the data collection should make us worry for many reasons. With a quick search of your name on any “people search” website like Intelius or WhitePages, you’ll see your name, date of birth, names of family members, current and past addresses, your phone number — and much more.

U.S. Citizenship and Immigration Services Office (USCIS)

People-search sites get their data from public records and corporations selling your information to them (including third-party fine-print agreements you agree to by using businesses such as eBay). The information they collect sometimes depends on the site’s Terms of Use regarding sharing information with third parties, as well as your privacy selections on that site (e.g., your Facebook likes and interests, your friends, your tweets, the work information you provide to LinkedIn).

The new dossiers on immigrants will include all kinds of information gleaned both directly and indirectly from social-media profiles. And worse yet, much of the information might not even be accurate. In a now-removed post from Intelius’ blog, the company stated:

In a new age of modern permanent records, popular sites like Facebook and Twitter are the face of a hidden world of commercial data brokers. Moreover, not all information is accurate, and even if consumers are aware, they are unable to erase or correct their personal records.

Intelius conceded in a 2009 SEC filing that the information that it and similar companies sell is often inaccurate and out of date. For example, when I reviewed my people-search files before deletion, my first-ever roommates were listed in multiple places as my nearest relatives.

César Cuauhtémoc García Hernández, assistant professor at the University of Denver Sturm College of Law, told press, “The fact that information gleaned from Facebook or Instagram or other social-media networks might not be reliable doesn’t mean that it will preclude DHS from using it as a basis for excluding people from the United States.”

If you’re still wondering what might be in these dossiers, go check out an article in The Guardian in which a woman gets a copy of all 800 (!) pages of her Tinder history (an option available only to EU citizens). It’s not what’s in her Tinder history that applies here; rather it’s what that history contains about a person’s activity around that one account that will sober you up.

In addition to her Tinder activity, the company collected her Facebook “likes,” her photos from Instagram (even after she deleted the associated account) and much more.

MATCH GROUP-RESULTS/

The act itself avoids detailing both the method of collection and security of storage for these expanded dossiers. Perhaps we can expect the DHS and US Citizenship and Immigration Services (USCIS) to protect these records, which will undoubtedly include plenty of US citizens, as thoroughly as it safeguards its other precious data stores.

The US government tried for a while to convince the public that the “metadata” in its hoovering up of our records was no big deal. At RSA in 2015, Congressman Mike Rogers told the giant security conference’s attendees more than once that metadata in bulk-surveillance collection “is just the ‘To: From:’ like the front of an envelope.” I suspect we can expect the same kind of run-around (or worse) if this administration is put on the spot.

It’s going to be messy, and make no mistake: It will affect all of us. Chances are good that you have friend, co-worker or family member born outside of the US. Attorney Adam Schwartz told BuzzFeed that this will also affect all US citizens who communicate with immigrants. A close read of the document shows that finding out what is in one’s file will be incredibly difficult, and correcting any bad info nigh impossible.

It’s kind of like they’re leveraging Facebook, and all the others, into policing our borders in a wholly different way than a blunt-force “Muslim ban.” It’s far, far more insidious.

The “Modified Privacy Act System of Records” is set to go into effect on October 18th, though it’s in an open comment period until then. The comments so far are overwhelmingly opposed to the changes; the words “horrified,” “shocked” and “appalled” are frequent.

Some commenters openly state fears about how this affects their children; others talk about where this is leading us as citizens at the mercy of a data-grabbing government. And there are more than a few mentions of 1930s Germany and Japanese internment.

This is happening. Americans and those who want to be Americans are scared. Those affected by the DHS plan to gather social media aren’t stereotypes: They’re people, and they’re us. It’s easy to feel disempowered by this disgusting system, and the overwhelming juggernaut of greedy data-dealers like Facebook — at whose feet I believe we can squarely lay blame for way too many aspects of our current situation.

But I hope that we’ll all look at this hideous and contorted future together and fight it.

Images: BoJorge Duenes / Reuters (border wall), Getty Images (USCIS), Mike Blake / Reuters (Tinder icon)

Engadget RSS Feed

AccuWeather’s iPhone app may track you even if you opt out (update)

AccuWeather on iOS might be deceiving users and violating Apple’s developer terms of service, security expert Will Strafach has discovered. If you deny it access to location info, the popular app reportedly still sends WiFi data, namely your router name and BSSID, to a third-party ad firm called Reveal Mobile. Furthermore, the app can even track you when it’s not open by using Bluetooth beacon data.

Strafach, well known for his early iOS jailbreak hacks, notes that he was actually researching a separate security problem on Accuweather’s iOS app. However, during testing he discovered that the app sent data 16 times to Reveal Mobile, installed as a third-party SDK on AccuWeather. According to the company’s own PR, it works as a way “to help app publishers and media companies extract the maximum value from their location data.” That can generate a lot of money both for Reveal Mobile and AccuWeather, he notes.

Furthermore, Reveal Mobile’s SDK may also collect user location data via Bluetooth beacons, Strafach believes. According to Reveal Mobile’s own product description, when you’re near one, it can figure out your location and turn the info into data it can sell. “While traditional lat/long audiences require the app to be open and running, detecting or ‘bumping’ beacons can occur when apps are not in use,” the company writes. “This allows Reveal Mobile to build larger, and more accurate, location-based audiences.”

Obviously, the company can generate more revenue if an app collects data even when users opt out. However, that “violate[s] user trust,” Strafach notes, and seemingly Apple’s developer agreement as well.

You may not track an end-user’s WiFi network usage to determine their location if they have disabled location services for your application. –Apple developer agreement.

Though tracking WiFi BSSID names may seem innocuous, the FTC is investigating a company called InMobi about that same thing, he adds. “By collecting the BSSID (i.e., a unique identifier) of the WiFi networks that a consumer’s device connected to or was in-range of, and feeding this information into its geocoder database, InMobi could then infer the consumer’s location,” the FTC says, adding that InMobi also did this when users opted out of geolocalization.

On Twitter, Strafach replied to users who say that app tracking is expected nowadays. “Most app analytics are usually quite tame … this case goes further than what most apps do.” Tracking such information doesn’t appear to be possible on Android, as Google has been aware of the potential for WiFi tracking abuse for a while now. Since version 6.0 (Marshmallow), applications must obtain user permission before they can access a network’s BSSID. We’ve reached out to Apple and AccuWeather for more information.

Update: Reveal has provided an emailed statement to Engadget and said that it “honors all operating system level ‘limit ad tracking’ and ‘do not track’ permissions.” At the same time, it said that “in looking at our current SDK’s behavior, we see how that can be misconstrued.” Its full statement to Engadget is below, and they expanded on it in a blog post. On Twitter, Strafach noted the statement and said “I do not personally agree with their logic, but feel free to read and decide.”

We don’t attempt to reverse engineer a device’s location if someone opts out of location services, regardless of the data signal it comes from. In looking at our current SDK’s behavior, we see how that can be misconstrued. In response to that, we’re releasing a new version of our SDK today which will no longer send any data points which could be used to infer location when someone opts out of location sharing.

Via: 9 to 5 Mac

Source: Will Strafach (Medium)

Engadget RSS Feed

Apple Watch could soon track your sleep and fitness levels

The Apple Watch is billed as a fitness-focused device, but it doesn’t really make sense of fitness data — you’re supposed to interpret the numbers yourself. However, Apple might soon give its wristwear some added smarts. Bloomberg sources claim that the Apple Watch will get apps that track sleeping patterns and fitness levels. It’s not certain how the sleep tracking would work (most likely through motion), but the watch would gauge your fitness by recording the time it takes for your heart rate to drop from its peak to its resting level.

It’s not certain when you’d get the apps. Apple, for its part, hasn’t commented. However, neither of these new features would require new hardware. Sleep tracking wearables have been around for a while, and the fitness measurement would just be a matter of parsing the heart rate data you can get from any Apple Watch.

If real, the move would be part of a broader effort to transform Apple’s overall approach to health. Reportedly, it wants its HealthKit framework to help “improve diagnoses,” not just collect data. You and your doctor could watch out for telltale signs of a condition, or measure your progress on the road to recovery. This would undoubtedly help Apple’s bottom line (you’d have to use at least an iPhone to get this information), but it could also help you make important life decisions.

Via: 9to5Mac

Source: Bloomberg

Engadget RSS Feed