Facebook caught testing Instagram user location history →

October 5, 2018 Jonathan Greig

Instagram's founders resigned last week reportedly over efforts by Facebook to gather more user information from the popular app for targeted ads.

Facebook's rough week started with news of a potential data breach exposing nearly 50 million users and is ending with further controversy, now that eagle-eyed tech researcher Jane Manchun Wong discovered testing for a feature that would give location data from Instagram -- even if the app was closed -- to Facebook.

Facebook was forced to release a statement to TechCrunch about the feature, and Wong said it was later shut down. But the move comes on the heels of a major change in management at Instagram. The company's founders, Kevin Systrom and Mike Krieger, quit last week amid rumors that they, like recently-resigned WhatsApp founder Jan Koum, were having increased concerns about Facebook's stance on data, privacy, and information collection practices.

Facebook announced recently that former News Feed VP Adam Mosseri would run Instagram, with the primary goal being closer ties between the two apps. Instagram continues to be one of Facebook's best purchases and has helped the company's popularity stay afloat amid a seemingly never-ending stream of bad news.

But the company was recently fined $122 million by the EU for siphoning data from WhatsApp. Facebook has been able to use its other, more successful apps to push people back into the Facebook orbit with constant ads and attempts to take you to the main Facebook app. With location data from Instagram, Facebook would be able to target ads based on where you are and note what stores you go to.

"To confirm, we haven't introduced updates to our location settings. As you know, we often work on ideas that may evolve over time or ultimately not be tested or released," a Facebook spokesperson told TechCrunch.

"Instagram does not currently store Location History; we'll keep people updated with any changes to our location settings in the future," it added, implying that there were plans for the feature to appear in both Instagram and Facebook Messenger. The feature may also be tied to other efforts on Facebook to tie events to locations and create "find friends nearby" capabilities.

Users could find the information stored in Facebook Profile's Activity Log, even containing maps of where you went with the time and date. When you go to the page, a Learn More tab leads you to an explanation from Facebook where it openly admits to tracking your location even when the app is not in use.

"When Location History is on, Facebook will periodically add your current precise location to your Location History even if you leave the app. You can turn off Location History at any time in your Location Settings on the app," it writes.

"Facebook may still receive your most recent precise location so that you can, for example, post content that's tagged with your location. Location History helps you explore what's around you, get more relevant ads, and helps improve Facebook."

Google employs many of the same tracking tactics as Facebook and has been similarly criticized for the data it stores on your location history even when you aren't using its apps. It faced a heavy amount of criticism and blowback from users in August when the AP confirmed that Google could and did track people even when they turned the Location History feature off.

Location data is a particularly thorny issue, especially after a Facebook employee was arrested in May after stalking a woman online using his position as an engineer to track certain data about her. Facebook chief security officer Alex Stamos was forced to apologize in a statement at the time, writing that it was "important that people's information is kept secure and private when they use Facebook."

"It's why we have strict policy controls and technical restrictions so employees only access the data they need to do their jobs - for example to fix bugs, manage customer support issues or respond to valid legal requests," he added.

"Employees who abuse these controls will be fired."

*this story was featured on Download.com on October 5, 2018: https://download.cnet.com/blog/download-blog/facebook-caught-testing-instagram-user-location-history/

Google Images finally adds photo credit to its listings and metadata →

September 28, 2018 Jonathan Greig

A deal signed with Getty forced Google to make a number of changes to how people search and access photos through the site.

Google has finally acquiesced to demands from photographers and content creators across the world by adding important metadata to every photo found in its search engine. The move culminates a year of massive changes to Google's image search after Getty Images filed a 2016 antitrust lawsuit against them in the EU.

Getty eventually withdrew the lawsuit in February after agreeing to a partnership with Google that included many of the changes announced today. Getty Images is one of many news or content organizations who have long charged that Google effectively aids digital piracy by making it easy for users to take images without knowing anything about who took or made the image and who owns the rights.

In their 2016 lawsuit, Getty claimed Google's practices "promoted piracy, resulting in widespread copyright infringement, turning users into accidental pirates," and said Google's "view image" function -- which allowed you to view an image without going to its original location -- was a specific effort by the company to "reinforce its role as the Internet's dominant search engine, maintaining monopoly over site traffic, engagement data and advertising spend."

"Artists need to earn a living in order to sustain creativity and licensing is paramount to this; however, this cannot happen if Google is siphoning traffic and creating an environment where it can claim the profits from individuals' creations as its own," Getty Images lawyer Yoko Miyashita said.

In a blog post yesterday, Google Product Manager Ashutosh Agarwal said they were working with the Center of the Picture Industry (CEPIC) and International Press Telecommunications Council (IPTC) to set up better rules for attribution and create clearer guidelines that kept things easy for users while protecting the rights of the content owners.

"As part of a collaboration between Google, photo industry consortium CEPIC, and IPTC, the global technical standards body for the news media, you can now access rights-related image metadata in Google Images," he wrote.

"It's traditionally been difficult to know the creator of images on the web, as well as who might own the rights. This information is often part of image metadata, and is key to protecting image copyright and licensing information. Starting today, we've added Creator and Credit metadata whenever present to images on Google Images."

Google removed the "view image" button in February as part of the deal to end the Getty lawsuit, forcing many users to go through the host website to find the image. While there is still a way around this, a number of Google users complained that photos were often difficult to find within websites and some outlets had protected their images so they could not be downloaded at all. Google also made significant changes to the search by image function to reflect their commitment to protecting creators' rights.

Getty and Google agreed to a years-long partnership in February that will see them license their work to Google and assist in improving the search engine's capabilities regarding images.

"We will license our market leading content to Google, working closely with them to improve attribution of our contributors' work and thereby growing the ecosystem," said Getty Images CEO Dawn Airey said in a statement earlier this year.

Agarwal said Google will also be rolling out a Copyright Notice feature in the coming months as well, which will attach legal information to other metadata that comes with photos.

Google has made a concerted effort this year to work with news outlets and photo websites to assuage complaints that the search giant was purposefully robbing hundreds of websites of ad revenue by allowing users to effectively bypass these websites for their content. Last year, Google was fined 2.42 billion Euros by the EU for distorting their search results in order to push users to their own services, specifically for shopping, as opposed to others. Google was forced to make changes to their algorithm due to the fine, and it brought a greater spotlight on the search engine's practices.

But image creators are rejoicing at Google's decision, hopeful that the changes will bring better photo attribution and revenue to those creating the content itself.

"Employing IPTC metadata standards in Google Images results will help ensure proper attribution of credit and support photographers' copyright, while also boosting the discoverability of content and creators," said Andrew Fingerman, CEO of PhotoShelter.

"This is a win for the professional photo community."

*this article was featured on Download.com on September 28, 2018: https://download.cnet.com/blog/download-blog/google-images-finally-adds-photo-credit-to-its-listings-and-metadata/

EU copyright reform proposal: 3 things businesses need to know →

June 8, 2018 Jonathan Greig

The controversial copyright measure is making its way through the European Parliament ahead of a committee vote on June 20 and parliamentary vote in July or September.

Members of the European Parliament are trading barbs over a proposed measure that could have drastic effects on the internet in Europe. The update to the EU Copyright Directive does a number of things, but the significant changes come to how information is shared and copyright infringement, specifically noted in Article 13 of the proposal.

The European Parliament described the law as creating "a new ancillary right for news publishers, often dubbed 'the link tax', and second, it places a new general obligation on internet platforms and websites to pre-monitor user content on their website for copyright infringements."

This has sent shockwaves through the internet and has pitted major news outlets and media companies against internet giants like Google and Wikipedia, which would suffer most under the new rules.

Jan Gerlach, Public Policy Manager for the Wikimedia Foundation, said the new rule "threatens freedom of expression, collaboration, and diversity online." She takes aim squarely at the Commission's suggestion that all websites needed to "implement upload filters, or, as they call them, 'effective content recognition technologies'."

"As currently written, Art. 13 would harm freedom of expression online by inducing large-scale implementation of content detection systems," Gerlach said. "People's ability to express themselves online shouldn't depend on their skill at navigating opaque and capricious filtering algorithms. Automatic content filtering based on rightsholders' interpretation of the law would—without a doubt—run counter to these principles of human collaboration that have made the Wikimedia projects so effective and successful."

The rule change is currently under debate and the European Parliament's legal affairs committee will vote on it on June 20. It will then move to a parliamentary vote in either July or September.

Here are the three things businesses need to know.

1. News sites to get extra copyrights

The law will require everyone to get a license from news outlets before they publish links to stories. The short snippet and photo you see when you share a story on Facebook and Twitter would now be considered copyright infringement.

Other countries like Germany and Spain have tried link taxes before to no avail, and news publishers quickly soured on them as well. The only place to manage it effectively is China, where they have much stricter controls on the news that is published.

German politician and Member of the European Parliament Julia Reda said the measure would be nearly impossible for some websites to contend with and would place an unnecessary burden on the wrong people.

"Reciting a headline from the cold war era would suddenly require permission from the original publisher, who may have long since gone out of business. Where the Commission wants to apply this right to press publishers only, Mr. Arimont explicitly includes academic publishers, a move that would spell disaster for any open access initiatives," Reda said.

2. Copyright infringement checks

All internet platforms would be required to scan all user content for any potential copyright infringement. They do not say how websites should accomplish this task, and presumably assume they should either develop their own mechanism for checking user content or hire third-party companies to manage it for them, a costly endeavor for any business.

Dutch intellectual property professor Dr Martin Senftlebens said the rule would lead to "further market concentration and less information diversity."

"It will be much more difficult to find investors for new start-up platforms," Senftlebens said.

Some European parliament members backed the measure, questioning why websites can filter for racist or offensive content but cannot make exceptions for copyrighted material.

"There are filters in terms of sensitive content, fighting terrorism and racism and incitement to hatred - so why should it be so hard to extend filtering to copyrighted content? We have the mechanisms already," said French MEP Jean-Marie Cavada.

3. Review process

Websites will also be forced to create a review process to allow rightsholders to update this database of copyrighted works with more copyrighted works. This process will be costly for smaller websites and presents a host of problems that have yet to be addressed by parliament.

Cory Doctorow of the Electronic Frontier Foundation wrote that the rule will fall apart because copyright infringement software is still not good enough. YouTube developed its own and is still continuously criticized by media companies for failing to stop more people from stealing work.

But at its core, Doctorow said, the law goes after the wrong people.

"Article 13 punishes any site that fails to block copyright infringement, but it won't punish people who abuse the system. There are no penalties for falsely claiming copyright over someone else's work. It will be a lot easier to make these false claims that it will be to figure out which of the hundreds of millions of copyrighted claims are real and which ones are pranks or hoaxes or censorship attempts," Doctorow said.

"Article 13 also leaves you out in the cold when your own work is censored thanks to a malfunctioning copyright bot. Your only option when you get censored is to raise an objection with the platform and hope they see it your way—but if they fail to give real consideration to your petition, you have to go to court to plead your case."

*this article was featured on TechRepublic.com on June 8, 2018: https://www.techrepublic.com/article/eu-copyright-reform-proposal-3-things-businesses-need-to-know/

Microsoft extending GDPR protections to all global customers, here's how →

May 22, 2018 Jonathan Greig

The tech giant now gives users the ability to transfer or delete all of the data it has collected through its programs, apps, and search engines.

Microsoft said it will give all of its users across the world many of the same protections enshrined in the EU's impending General Data Protection Regulation, which comes into effect on May 25.

The passing and enforcement of the GDPR has become somewhat of a watershed moment for privacy as consumers gain a fuller picture of the data tech companies collect on a daily basis. In a statement, Microsoft CEO Satya Nadella laid out the plethora of ways they gather information and either use it themselves or offer it to other companies.

Nadella said Microsoft collects data on your web browsing and online searchers, places you go using map apps, Windows 10 and any of your online services, fitness and health apps, any ads you click on, sign-in, and payment data. The firm also leverages any connected device sensors you may have in your home or car, according to the statement.

But users now have access to a privacy dashboard that allows you to easily regulate or opt out of any data collection. You can delete all of your search history and data or move it somewhere else.

"We believe privacy is a fundamental human right. As people live more of their lives online and depend more on technology to operate their businesses, engage with friends and family, pursue opportunities, and manage their health and finances, the protection of this right is becoming more important than ever," Julie Brill, corporate vice president of Microsoft, said in a blog post. "Today we are announcing that we will extend the rights that are at the heart of GDPR to all of our consumer customers worldwide. Known as Data Subject Rights, they include the right to know what data we collect about you, to correct that data, to delete it and even to take it somewhere else."

Other tech giants have struggled to comply with the regulations soon to take effect, and have waffled on whether their users worldwide will be given the same rights and options as those in the EU.

Just last month, Facebook CEO Mark Zuckerberg was criticized for demurring when asked whether US users would get access to GDPR rights. In response to an uproar after his comments, he said, "We intend to make all the same controls and settings available everywhere, not just in Europe. Is it going to be exactly the same format? Probably not."

Analysts and journalists have noted that despite some cosmetic changes, Facebook still makes it very difficult for users to opt out of its robust data collection efforts. In their review of Facebook's privacy changes, TechCrunch noted that "the fact that the button to reject the new Terms Of Service isn't even a button, it's a tiny 'see your options' hyperlink shows how badly Facebook wants to avoid you closing your account."

"It seems obvious that Facebook is trying to minimize the visibility of the path to account deletion rather than making it an obvious course of action if you don't agree to its terms," TechCrunch later added.

Microsoft is also gaining business through their GDPR compliance services, which are available for businesses of all sizes.

Many tech companies will likely release new service agreements on Friday and have already made changes to how they notify you of what data they collect and share with third parties.

*this article was featured on TechRepublic.com on May 22, 2018: https://www.techrepublic.com/article/microsoft-extending-gdpr-protections-to-all-global-customers-heres-how/

Welsh police facial recognition software has 92% fail rate, showing dangers of early AI →

May 8, 2018 Jonathan Greig

Data released by the UK police force confirmed claims from watchdog groups that the software is inaccurate.

Police officials in South Wales are battling criticism of their new facial recognition technology after it was revealed that the program had a 92% fail rate when it was used at the June 2017 UEFA Champions League Final in Cardiff, meaning only 8% of the people "identified" were actual matches with names and faces in the criminal database.

According to statistics released by the South Wales Police, their Automated Facial Recognition (AFR) 'Locate' system found 2,470 potential matches out of 170,000 attendees and a database of 500,000 images of persons of interest at the event last summer. Only 173 were correctly identified and actually matched someone in the database.

Overall, the program has been used at 15 events and flagged 2,685 people, only 234 of whom were truly persons of interest, according to the statistics.

The South Wales Police countered the troubling fail rate with their own statistics: 2,000 positive matches and 450 arrests in the last nine months since the program was put into use. They add that no one has ever been mistakenly arrested after being flagged and the officers in charge can, and often do, dismiss matches if they believe it is an obvious misidentification. If there is a match, an "intervention team" is sent to question and possibly arrest the person.

"Officers can quickly establish if the person has been correctly or incorrectly matched by traditional policing methods i.e. normally a dialogue between the officer/s and the individual," a police spokeswoman told Wired.

In addition to never erroneously arresting anyone, the South Wales Police claimed in a press release that "no members of the public have complained."

But some members of the public have, in fact, complained. Tony Porter, the UK's Surveillance Camera Commissioner, wrote in a 2017 report that the facial recognition program needed oversight to stop it from becoming "obtrusive."

"The public will be more amenable to surveillance when there is justification, legitimacy and proportionality to its intent," Porter told Wired. "Currently there are gaps and overlaps in regulatory oversight."

In a February report submitted to the House of Lords by watchdog group Big Brother Watch, Silkie Carlo, the group's director, wrote that there is "no law, no oversight, and no policy regulating the police's use of automated facial recognition." The UK government, he said, had not even set a target fail rate, allowing the system to continue flagging thousands of people erroneously at wildly high rates.

Carlo's report also added that facial recognition algorithms are known to be inaccurate, citing statistics from the US Government Accountability Office that showed "facial recognition algorithms used by the FBI are inaccurate almost 15% of the time and are more likely to misidentify female and black people."

In the report, Carlo also criticizes the database of photos taken from events and stored on police hard drives. At large events, CCTV cameras are set up in specific spots near the venue and are fed into a computer, which takes the video and scans every face to match it against the police database of 500,000 people they're looking for, Carlo wrote. But concerns have been raised about the CCTV footage and how long it is kept by police.

"The custody image database, which provides the basis for both facial matching and automated facial recognition, unnecessarily contains a significant proportion of photos of innocent people under what is likely to be an unlawful retention policy," Carlo wrote.

The South Wales Police have released multiple reports addressing this, writing that they are "very cognisant of concerns about privacy and we have built in checks and balances into our methodology to make sure our approach is justified and balanced. We have had detailed discussions and consultation with all interested regulatory partners."

The report later adds that: "Watchlists and the associated metadata are manually added to the system and will be reviewed regularly to ensure accuracy and currency and will be deleted at the conclusion of the respective deployment."

Matt Jukes, the chief constable of the South Wales Police, told the BBC that they needed to use the technology to protect large events like concerts and games from terrorist threats but "don't take the use of it lightly" and were attempting to make "sure it is accurate."

Facial recognition technology is being used by a number of countries, most notably Australia and China, which has a particularly robust algorithm that they use extensively.

NEC, the company that created the software being used by the South Wales Police, admitted to ZDNet in October that the program does not do well when working against a database as large as the one used in Cardiff and said the system was more accurate when used in smaller pools of people.

Chris de Silva, Europe head of Global Face Recognition Solutions, said, "You're going to find false alarms, and you are going to get answers, but they are not going to be always correct, and the more of that you get, the less likely people are going to be happy about using the system."

Being that the system has likely encountered EU citizens, questions could be raised about how its capabilities, and the underlying database, fit into the upcoming GDPR guidelines. Additionally, the high failure rate of such a program could be evidence that artificial intelligence (AI) used in tools like this may not be ready for primetime, especially when it comes to a contentious use case such as predictive policing.

*this article was featured on the Tech Republic website on May 8, 2018: https://www.techrepublic.com/article/welsh-police-facial-recognition-has-92-fail-rate-showing-dangers-of-early-ai/