A user of Amazon’s Alexa voice assistant in Germany got access to more than a thousand recordings from another user because of “a human error” by the company.
The customer had asked to listen back to recordings of his own activities made by Alexa but he was also able to access 1,700 audio files from a stranger when Amazon sent him a link, German trade publication c’t reported.
“This unfortunate case was the result of a human error and an isolated single case,” an Amazon spokesman said.
The first customer had initially got no reply when he told Amazon about the access to the other recordings, the report said. The files were then deleted from the link provided by Amazon but he had already downloaded them on to his computer, added the report from c’t, part of German tech publisher Heise.
CRYPTOCURRENCY INDUSTRY FACES INSURANCE HURDLE TO MAINSTREAM AMBITIONS
Cryptocurrency exchanges and traders in Asia are struggling to insure themselves against the risk of hacks and theft, a factor they claim is deterring large fund managers from investing in a nascent market yet to be embraced by regulators.
Getting the buy-in from insurers would mark an important step in crypto industry efforts to show that it has solved the problem of storing digital assets safely following the reputational damage of a series of thefts, and allow it to attract investment from mainstream asset managers.
“Most institutionally minded crypto firms want to buy proper insurance, and in many cases, getting adequate insurance coverage is a regulatory or legal requirement,” said Henri Arslanian, PwC fintech and crypto leader for Asia.
“However, getting such coverage is almost impossible despite their best efforts.”
Many asset managers are interested in digital assets. A Greenwich Associates survey, published in September, said 72% of institutional investors who responded to the research firm believe crypto has a place in the future.
Last month, Mohamed El-Erian, Allianz’s chief economic adviser said that cryptocurrencies would gain wider acceptance as institutions began to invest in the space.
Most have held off investing so far however, citing regulatory uncertainty and a lack of faith in existing market infrastructure for storing and trading digital assets following a series of hacks, as well the plunge in prices.
The total market capitalisation of crypto currencies is currently estimated at approximately US$120bil (RM502bil) compared to over US$800bil (RM3.3tril) at its peak in January.
“Institutional investors who are interested in investing in crypto will have various requirements, including reliable custody and risk management arrangements,” said Hoi Tak Leung, a senior lawyer in Ashurst’s digital economy practice.
“Insufficient insurance coverage, particularly in a volatile industry such as crypto, will be a significant impediment to greater ‘institutionalisation’ of crypto investments.”
Regulatory uncertainty is another problem for large asset managers. While crypto currencies raise a number of concerns for regulators, including money laundering risks, few have set out clear frameworks for how cryptocurrencies should be traded, and by whom.
Insurance might allay some of the regulators’ concerns around cyber security. Hong Kong’s Securities and Futures Commission recently said it was exploring regulating crypto exchanges, and signalled that the vast majority of the virtual assets held by a regulated exchange would need insurance cover.
Keeping crypto assets secure involves storing a 64 character alphanumeric private key. If the key is lost, the assets are effectively lost too.
Assets can be stored online, in so-called hot wallets, which are convenient to trade though vulnerable to being hacked, or in ‘cold’ offline storage solutions, safe from hacks, but often inconvenient to access frequently.
Over US$800mil worth of crypto currencies were stolen in the first half of this year according to data from Autonomous NEXT, a financial research firm.
Some institutions have started working to solve this problem, and may provide fierce competition to the incumbent players.
This year, Fidelity, and a group including Japanese investment bank Nomura have launched platforms that will offer custody services for digital assets.
Despite the industry’s complaints, insurers say that they do offer cover. Risk advisor Aon, received some two dozen inquiries this year from exchanges and crypto vaults seeking insurance, according to Thomas Cain, regional director, commercial risk solutions, at Aon’s Asian financial services and professions group.
“It is not difficult to insure companies that hold large amounts of crypto assets, but given the newness of the asset class and the publicity some of the crypto breaches have received, applicants need to make an effort to distinguish themselves,” Cain said.
The industry also says it is getting closer to solving the custody problem.
“This year there have been a number of developments, and some providers have developed custody solutions suitable for institutional clients’ needs,” said Tony Gravanis, managing director investments at blockchain investment firm Kenetic Capital.
“Players at the top end of the market have also been able to get insurance,” he said.
But this is not the case for all.
One cryptocurrency broker, declining to be named because of the subject’s sensitivity, said insurers struggled to understand the new technology and its implications, and that even those who were prepared to provide insurance would only offer limited cover. “We’ve not yet found an insurer who will offer coverage of a meaningful enough size to make it worthwhile,” he said. – Reuters
PICHAI PUTS KIBOSH ON GOOGLE SEARCH ENGINE FOR CHINA
Google is not working on a bespoke search engine that caters to China’s totalitarian tastes, and it has no plans to develop one, CEO Sundar Pichai told lawmakers on Capitol Hill Tuesday.
“Right now, we have no plans to launch in China,” he told members of the U.S. House Judiciary Committee at a public hearing on Google’s data collection, use and filtering practices.
“We don’t have a search product there,” he said. “Our core mission is to provide users access to information, and getting access to information is an important human right.”
Pichai acknowledged that the company had assigned some 100 workers to develop a search engine for totalitarian countries, however.
“We explored what search would look like if it were to be launched in a country like China,” he revealed.
A report about a Google search engine for China appeared in The Intercept this summer.
The project, code-named “Dragonfly,” had been under way since the spring of 2017, according to the report, but development picked up after Pichai met with Chinese government officials about a year ago.
Special Android apps also had been developed for the Chinese market, The Intercept stated, and had been demonstrated to the Chinese government for a possible rollout this year.
“We certainly hope they abandoned those plans,” said Chris Calabrese, vice president for policy for the Center for Democracy & Technology, an individual rights advocacy group in Washington, D.C.
“We didn’t think it was a good idea to build a search engine that would censor speech in order to go into the Chinese market,” he told the E-Commerce Times.
Google may have been testing the waters with its Chinese browser, maintained Russell Newman, assistant professor for the Institute for Liberal Arts & Interdisciplinary Studies at Emerson College in Boston.
“It’s an example of a firm seeing how far down the road it can go before it receives pushback,” he told the E-Commerce Times. “It discovers a limit, then pushes that limit a little more. I’d be surprised if they wholly gave up on the search engine for China.”
Mission: Protecting Privacy
In his opening remarks to the committee, Pichai declared that protecting the privacy and security of its users was an essential part of Google’s mission.
“We have invested an enormous amount of work over the years to bring choice, transparency and control to our users. These values are built into every product we make,” he said.
“We recognize the important role of governments, including this committee, in setting rules for the development and use of technology,” Pichai added. “To that end, we support federal privacy legislation and proposed a legislative framework for privacy earlier this year.”
Pichai also addressed a burning issue for Republican members of the panel.
“I lead this company without political bias and work to ensure that our products continue to operate that way,” he said. “To do otherwise would go against our core principles and our business interests.”
‘Bias Running Amok’
Among the Republicans on the committee who raised the issue of unfairness with respect to the way Google’s search algorithm treats conservative views was Mike Johnson, R-La.
“My conservative colleagues and I are fierce advocates of limited government, and we’re also committed guardians of free speech and the free marketplace of ideas,” he told Pichai.
“We do not want to impose burdensome government regulations on your industry,” Johnson continued. “However, we do believe we have an affirmative duty to ensure that the engine that processes as much as … 90 percent of all Internet searches, is never unfairly used to unfairly censor conservative viewpoints or suppress political views.”
Political bias is running amok at Google, charged committee member Louie Gohmert, R-Texas.
“You’re so surrounded by liberality that hates conservatism, hates people that really love our Constitution and the freedoms that it’s afforded people like you, that you don’t even recognize it,” he told Pichai, who was born in India.
“It’s like a blind man not even knowing what light looks like because you’re surrounded by darkness,” Gohmert added.
Despite Republican claims of liberal bias in Google’s algorithm, “there isn’t any evidence to back that up empirically,” Calabrese said.
Committee members also were concerned about Google’s market dominance.
“I’m deeply concerned by reports of Google’s discriminatory conduct in the market for Internet search,” said David Cicilline, D-R.I.
Google has harmed competition in Europe by favoring its own products and services over rivals, and by deprioritizing or delisting its competitors’ content, he noted citing European Commission findings.
“It is important for the U.S. government to follow the lead of other countries and closely examine the market dominance of Google and Facebook, including their impact on industries such as news media,” observed David Chavern, CEO of the News Media Alliance in Arlington, Va., a trade association representing some 2,000 newspapers in the United States and Canada.
“We will continue to urge for more hearings to examine ways in which the duopoly impacts the business of journalism, which is essential to democracy and civic society,” he told the E-Commerce Times.
Prelude to Privacy Law
House and Senate hearings in recent months are just the prelude to data privacy legislation that could be introduced next year.
“We’re certainly going to see a wide variety of comprehensive privacy bills filed, and I think we’ll make some progress,” Calabrese said.
“Advocates have seen the need for privacy legislation for a long time,” he said, “and now that we have privacy legislation set to kick in in California in 2020, there’s a lot of companies who would rather be governed by a federal law than they would a bunch of different state laws.”
If a general privacy law is enacted, it shouldn’t use Europe’s General Data Protection Regulation as a model, maintained Alan McQuinn, senior policy analyst for the Information Technology and Innovation Foundation, a public policy and technology innovation organization in Washington, D.C.
“We don’t want to see the GDPR enacted here in the states,” he told the E-Commerce Times.
“It is highly likely to create a drag on the European economy and hurt innovation and businesses,” McQuinn explained.
Privacy rules should be styled to fit industries, such as healthcare, finance and commerce, he suggested.
“The sector-specific approach that the U.S. has taken toward privacy has allowed for more innovation,” McQuinn noted, “and created the powerhouse of the digital economy that we have here.”
LOCATION DATA SELLING THREATENS CONSUMER PRIVACY
Selling location data collected by mobile phones has become a lucrative business, The New York Times reported Monday.
Location advertising sales are expected to reach US$21 billion this year, according to the article. At least 75 companies receive anonymous, precise location data from applications with the location services feature activated.
Several of those outfits claim to track 200 million mobile devices in the United States — about half of all devices in the country, the Times reported.
The data is very accurate, coming within a few yards of a person’s whereabouts at a point in time, and is updated often — as frequently as 14,000 times a day, the paper noted.
With that kind of accuracy and frequency, calling the data “anonymous” is a bit misleading.
“If you are collecting a person’s location over time, and it’s tied to a unique identifier, it’s disingenuous to call that anonymous,” said Natasha Duarte, a policy analyst with the Center for Democracy & Technology in Washington, D.C.
“If you have information about where people are going and where people live, you can build the story of who that location data belongs to,” she told TechNewsWorld.
Someone can learn a lot about you from your location, said French Caldwell, CFO of The Analyst Syndicate, an IT research and analysis group.
“They can tell what your interests are and who you’re meeting with,” he told TechNewsWorld. “Your location data tells more about you than your Social Security number.”
Businesses that collect consumer data typically say they’re not interested in individuals but in patterns. Data collected on individuals is “anonymized” by attaching it to an ID number. However, that ID doesn’t even have the cover of a fig leaf for anyone with access to raw location data.
Those people, who include employees or customers of the data collector, still could identify individuals without their consent, as the Times did in compiling its report.
Not surprisingly, the leaders in location-based advertising are Google and Facebook. Both companies offer mobile apps that they use to collect location data. They say they don’t sell it but use it only internally, to personalize services, sell targeted ads online, and determine if the ads lead to sales in the physical world.
Google did not respond to a request for comment for this story. Facebook, through spokesperson Jay Nancarrow, declined to comment.
Some large companies have started to get in front of the location data issue before it becomes a problem for them. For example, Verizon and AT&T announced during the summer that they would stop selling their customers’ location data to data brokers.
Most mobile apps request permission to use a device’s location services before accessing them, but the Times found that process could be misleading. An app might ask for location services access for one purpose but use the information for multiple purposes.
“Not all app notices are perfectly clear as to what location data is being used for,” CDT’s Duarte said.
“Often the app will ask, ‘Do you want us to use your location to provide you with local weather information, or personalize your experience, or improve the accuracy of the maps that you’re using?’ They don’t list all the other purposes the data will be used for — like advertising and sales to third parties,” she pointed out.
Some 1,400 popular applications contain code to share location information, the Times reported. About 1,200 were written for Android phones and 200 for Apple models.
In a sample of 17 apps sending precise location data, three Apple iOS programs and one Android offering mentioned that location data could be used for advertising while seeking permission to access the service, the Times found.
Understanding what’s done with location data can be an onerous task for a consumer. It requires reading user agreements and privacy policies, and changing settings for all the apps on a phone.
“That can be incredibly time-consuming,” Duarte said. “No individual has the capacity to do that properly, and it’s not a burden we should be placing on individuals to depend on location-based services.”
How concerned are consumers about possible abuse of their location information?
“Most consumers don’t care, but there’s a creepiness factor that bothers them a little bit,” said The Analyst Syndicate’s Caldwell.
“We’ve all been on the Web and looked at a new pair of shoes or something, and all of sudden all you see in your browser for hours are ads for those things,” he continued.
“The same kind of thing is happening with your physical location,” Caldwell pointed out. “Stores are tracking your location and will start pushing suggestions to you based on where you went in that store. There’s a creepiness factor there.”
Consumers are very concerned about what’s being done with their location data, maintained Duarte.
“The problem isn’t that consumers are not concerned,” she said.
“It’s that even if you’re very concerned, it’s impossible for anyone to have the capacity and time to understand all the things companies are doing with your data, and then go into your settings and make the choices that align perfectly with your personal privacy interests,” Duarte explained.
“What really needs to happen is for our laws to recognize that location privacy in a commercial context has to be built into any service,” she suggested.
Congress should pass a commercial privacy law, “which would include limits on how companies can collect and use location information,” Duarte said.
Such a law might include provisions already adopted in Europe’s General Data Protection Regulation, which allow people to access information companies have collected about them, correct information if it’s used to make important decisions about them, and delete information.
One area where U.S. lawmakers may want to depart from the GDPR is in consent. The European rule allows data to be collected if consent is given by the owner of the data.
“Some uses of information shouldn’t be allowed even with consent,” Duarte said. “One of those uses might be repurposing of location information — collecting the information for a location-based service, then reusing it for something completely unrelated — like location-based advertising — or selling it to a data broker.”