6 Examples of Online Privacy Violation
2022-01-18
By Kayla Matthews (凯拉·马修斯). Translated by 罗小凡; reviewed by 黄勤.
Most people share data without thinking about it. They provide information to companies while purchasing merchandise, signing up for email lists, downloading apps and more. They also expect the respective enterprises to safeguard those details.
Unfortunately, the businesses in question often fall short of the task, exposing valuable data. The resulting violation of privacy laws can lead to huge fines and eroded public trust.
Here are six recent examples of companies that failed to do everything they could to respect users' privacy.
1. Zoom gave data to third parties without users' knowledge
An April 2020 piece from The New York Times alleged that popular video conferencing site Zoom engaged in undisclosed data mining during user conversations. The coverage asserted that when a person signed into a meeting, Zoom transmitted their data to a system that matched individuals with their LinkedIn profiles. The incident happened via a subscription-based tool called LinkedIn Sales Navigator that Zoom offered customers to assist with their marketing needs.
Moreover, when someone signed into a Zoom meeting with an anonymous name, the tool still connected that person to their respective LinkedIn profile. Thus, the person had their real name revealed to a fellow user despite efforts to keep it private. Zoom promised to disable the tool and remove it from the company's offerings.
2. Google violated children's privacy laws
Google is under fire for violation of privacy laws, recent reports say. A California federal court received a lawsuit from two children suing the tech giant through their father. The pair assert that the G Suite for Education platform unlawfully collects biometric data from kids who use it. If so, that action would likely mean Google disregarded the Children's Online Privacy Protection Act (COPPA), a federal mandate that requires getting parental consent before gathering data from minors under 13. Moreover, the company may face allegations of violations associated with state biometric laws. The issues could affect millions of kids and their privacy.
3. Hackers dump confidential law firm data
A law firm's document management system (DMS) contains all the legal documents about its clients. Some include records spanning 10 to 20 years, making it especially necessary to protect the data. Privacy violations sometimes occur due to inadequate cybersecurity. For example, the Maze hacker group targeted Texas law firm Baker Wotring and published a “full dump” of the organization's data. The incident was a ransomware attack, and the leak likely happened when the cybercriminals did not receive the requested payment. The compromised records included case diaries, consent forms and more.
4. Facebook fined for its role in Cambridge Analytica data harvesting
Federal officials in the United States carried out a 16-month investigation and determined Facebook repeatedly misled its users and compromised efforts to safeguard privacy. That decision came after Cambridge Analytica used a third-party app to harvest data from a Facebook quiz for political purposes.
The Federal Trade Commission (FTC) fined Facebook $5 billion for the infractions, the largest amount ever imposed on a company for a consumer privacy violation.
5. Ring doorbell app allegedly loaded with trackers
The Ring doorbell has an accompanying app that lets people see, hear and speak to individuals who arrive on their doorsteps—even without being home. Unfortunately, when the Electronic Frontier Foundation (EFF) investigated the Android version, it discovered numerous third-party trackers. The researchers say that Ring sent data to four outside entities, providing them with personally identifiable information.
The transmitted details include names, IP addresses and data from users' device sensors. The EFF warned that recipients could combine all the information to get a unique user picture.
6. WhatsApp flaw sacrificed the privacy of top government officials
Privacy violations also happen if malicious parties exploit weaknesses in widely used apps. Such a situation unfolded when NSO Group, an Israeli hacking tool developer, allegedly built and sold a product that allowed the infiltration of WhatsApp's servers due to an identified weakness. This problem caused at least 1,400 users to have their mobile phones hacked within approximately two weeks in April and May 2019.
A sizeable segment of the identified victims were reportedly high-profile government officials located in at least 20 countries. Early investigative efforts failed to confirm the perpetrators that used the tool from NSO Group.
(Translator's affiliation: Huazhong University of Science and Technology)