Nokia says its phones sent data to China by mistake


Jamie Rigg/Engadget

Nokia phone brand owner HMD Global is understandably nervous about Finland investigating claims that its handsets send sensitive data to China, and it’s trying to clear its name. The company said in a statement that it “mistakenly included” the device activation software for Chinese phones in a “single batch” of Nokia 7 Plus phones meant for other countries. However, that data was “never processed” and wasn’t personally identifiable, according to the company. It was fixed through a software update in February 2019, and “nearly all” phones already have that patch.

The company also rejected talk that other phones would send similar data. Every Nokia phone outside of China sends device data to HMD Global servers (provided by Amazon Web Services) in Singapore, the company said, and abides by local laws.

This won’t necessarily put the Finnish investigation to bed, and the claims about the nature of the data don’t paint a full picture. While they don’t directly identify a person, they could be used with corroborating info to get a clearer picture of that person’s life. Still, the issue appears to have been fixed — it’s just an unpleasant reminder that a slip-up at the factory is enough to put data at risk.

Let’s block ads! (Why?)

Link to original source

Finland is investigating Nokia phones sending data to China


Rafael Marchante / Reuters

Finland’s data protection watchdog is investigating Nokia owner HMD over claims its mobiles sent data to Chinese servers. The probe follows a report by Norway’s public broadcaster NRK in which it claimed to have proof that Nokia phones are transmitting sensitive information to China based on a tip from a Nokia owner. The man in question, Henrik Austad, said he’d been monitoring the traffic from his Nokia 7 only to find it was sending unencrypted information to a Chinese server while switched on. The sensitive data reportedly included his location, as well as the SIM card number and the phone’s serial number.

NRK said its own findings indicated the server was under the domain “vnet.cn,” which is reportedly managed by state-owned telecommunications company China Telecom. Finland’s data protection ombudsman Reijo Aarnio told Reuters he would assess whether there were any breaches that involved “personal information and if there has been a legal justification for this.”

Finnish startup HMD Global, which signed a ten-year license with Microsoft for the Nokia brand in 2016, reportedly admitted to NRK that a batch of Nokia 7 phones had sent data to China. It said it had fixed the “error” in a January software update that most customers had installed. HMD claimed the phones didn’t send any personal data that could identify their owners. The Nokia 7 itself is a China exclusive handset launched in October 2017. A second-gen version, the Nokia 7.1, was released in the US a year later.

Pointing to the stricter privacy laws imposed by the EU last year, Aarnio told NRK that his first reaction was “that this can at least be a violation of the GDPR legislation.” Google already fell foul of the guidelines in France earlier this year, where it was hit with a €50 million (about $57 million) fine for its alleged opaque data consent policies.

Let’s block ads! (Why?)

Link to original source

Facebook board member may have met Cambridge Analytica whistleblower in 2016 (updated)


David Paul Morris/Bloomberg via Getty Images

Facebook has never said when its execs learned about Cambridge Analytica’s misuse of data, but The Guardian might have some insights. Its sources claim Facebook board member Marc Andreessen met Cambridge Analytica whistleblower Christopher Wylie back in the summer of 2016, well before the scandal became public. Reportedly, the meeting in Andreessen’s office was established to understand just how Cambridge Analytica was using the data and how Facebook could solve it. It’s not clear who else was present, but the discussion apparently included Cambridge Analytica’s “contacts with Russian entities.”

Andreessen stayed in touch with Wylie up until the story broke in March 2018, according to one of the sources. However, there was supposedly no “follow-up” to put Wylie’s information to work.

Andreessen’s venture capital company, Andreessen Horowitz, has declined to answer questions. In a statement, Facebook said it wasn’t aware of the data transfer to Cambridge Analytica until December 2015 and “took action,” but didn’t say when executives were aware.

The leak (if accurate) doesn’t guarantee that Mark Zuckerberg or other executives knew what was going on, but it could fill a gap in the timeline that has remained conspicuously blank. It would also raise questions as to why a major board member had talked to Wylie roughly a year and a half before Cambridge Analytica’s data abuse became public knowledge. Whatever the answers, it’s not a good look when Facebook is already grappling with investigations into its data handling.

Update 3/16 10:37PM ET: Marc Andreessen has denied the claim in a statement to Engadget, calling it “flatly and totally untrue.” He said a colleague suggested meeting with Wylie, but that the get-together never took place. You can read the full statement below.

The suggestion that I had or hosted a meeting involving Christopher Wylie is flatly and totally untrue. I have never met Wylie in my life. After the election of 2016, a mutual colleague suggested by email that I meet with Wylie, but that meeting never took place. Later, in early 2018, Wylie reached out to me on Twitter and asked for a meeting, which I turned down.”

Let’s block ads! (Why?)

Link to original source

Family Tree DNA will let customers opt-out of the FBI's genetic data access


BSIP via Getty Images

Genealogy company Family Tree DNA hit the headlines last month after it was revealed the firm had given law enforcement agencies access to its DNA database. The FBI was allowed to comb through the information in a bid to identify crime suspects, igniting confidentiality concerns and privacy fears. Now, the gene-testing service has announced it will let customers bar law enforcement from accessing their data.

Additionally, law enforcement agencies will need to go through a “separate process” when uploading their own files to the database in search of matches, and this can only be done in an effort to identify a deceased person or suspects involved in homicide or sexual assault.

The FBI using genealogy to solve crimes is nothing new, but the Family Tree incident marks the first time the public was made aware that a private DNA company had voluntarily given law enforcement access to its database, and represents the ethical challenges posed by this kind of service. Giving customers the opportunity to opt out of giving the FBI access is an important step in defining privacy rules in this murky area, but it still puts the onus on the customer to manage their data, when some would argue the company should be protecting it by default.

Let’s block ads! (Why?)

Link to original source

US conducts criminal investigation into Facebook's data deals


AP Photo/Marcio Jose Sanchez

Investigations into Facebook’s data handling keep piling up. The New York Times has learned that federal prosecutors are in the midst of a criminal investigation into the data deals Facebook arranged with tech companies. It’s not known when the investigation began or just what the focus is, but a New York grand jury reportedly used subpoenas to obtain records from two or more “prominent makers of smartphones.” The deals included heavyweights like Apple, Microsoft and Sony.

Facebook acknowledged the investigation to the Times, stating that it was “cooperating with investigators” and was taking probes “seriously.”

The deals typically revolved around making it easier to fill out contacts, share content and otherwise integrate Facebook with devices and websites. There’s a concern that these deals weren’t always transparent to everyday users, though. Microsoft’s Bing deal mapped the friends of Facebook users without explicit permission, for instance. The FTC is believed to be negotiating a fine with Facebook over alleged violations of a 2011 privacy agreement, but not necessarily over those deals. Investigators may be using a criminal case to address concerns other agencies haven’t already covered.

Whatever the details, the investigation doesn’t bode well. Most of those deals have long since ended, and Mark Zuckerberg recently pledged to make a “privacy-focused” social network, but officials aren’t likely to care. As with Cambridge Analytica and other scandals, Facebook’s past is coming back to haunt it in ways that could have serious repercussions.

Let’s block ads! (Why?)

Link to original source