A report released last week contends that Amazon uses voice data from its Echo devices to serve targeted ads on its own platforms and the web. The Verge reports: he report, produced by researchers affiliated with the University of Washington, UC Davis, UC Irvine, and Northeastern University, said the ways Amazon does this is inconsistent with its privacy policies. Titled, “Your Echos are Heard: Tracking, Profiling, and Ad Targeting in the Amazon Smart Speaker Ecosystem,” the report concludes that Amazon and third parties (including advertising and tracking services) collect data from your interactions with Alexa through Echo smart speakers and share it with as many as 41 advertising partners. That data is then used to “infer user interests” and “serve targeted ads on-platform (Echo devices) as well as off-platform (web).” It also concludes that this type of data is in hot demand, leading to “30X higher ad bids from advertisers.”

Amazon confirmed to The Verge that it does use voice data from Alexa interactions to inform relevant ads shown on Amazon or other sites where Amazon places ads. “Similar to what you’d experience if you made a purchase on Amazon.com or requested a song through Amazon Music, if you ask Alexa to order paper towels or to play a song on Amazon Music, the record of that purchase or song play may inform relevant ads shown on Amazon or other sites where Amazon places ads.” Amazon spokesperson Lauren Raemhild said in an email.

The company also confirmed there are targeted ads on its smart speakers. “Customers may receive interest-based ads when they use ad-supported premium content — like music, radio or news streams,” said Raemhild, pointing out that this is the same experience if they engaged with that content on other channels. She went on to say that Amazon does not share voice recordings with developers. “Developers get the information necessary to fulfill your requests within their skills, such as answers when you play a trivia skill, or the name of the song you want to play,” she said. “We do not share our customers’ personal information to third-party skills without the customer’s consent.” Amazon allows Alexa users to opt out of ad targeting as well (see sidebar). “Many of the conclusions in this research are based on inaccurate inferences or speculation by the authors, and do not accurately reflect how Alexa works,” added Raemhild. “We are not in the business of selling our customers’ personal information and we do not share Alexa requests with advertising networks.”

Read more of this story at Slashdot.

Source: Slashdot – Researchers Find Amazon Uses Alexa Voice Data To Target You With Ads

An anonymous reader quotes a report from Bloomberg: The FBI searched emails, texts and other electronic communications of as many as 3.4 million U.S. residents without a warrant over a year, the nation’s top spy chief said in a report. The “queries” were made between December 2020 and November 2021 by Federal Bureau of Investigation personnel as they looked for signs of threats and terrorists within electronic data legally collected under the Foreign Intelligence Surveillance Act, according to an annual transparency report issued Friday by the Office of the Director of National Intelligence. The surge came as the FBI made a push to stop hacking attacks.

The authority the FBI used in this case was under Section 702 of FISA, which is set to expire at the end of next year unless it’s renewed by Congress. The report doesn’t say the activity was illegal or even wrong. But the revelation could renew congressional and public debates over the power U.S. agencies have to collect and review intelligence information, especially data concerning individuals. In comparison, fewer than 1.3 million queries involving Americans’ data were conducted between December 2019 and November 2020, according to the 38-page report. The report sought to provide a justification for the increase in queries during the last year.

“In the first half of the year, there were a number of large batch queries related to attempts to compromise U.S. critical infrastructure by foreign cyber actors,” according to the report. “These queries, which included approximately 1.9 million query terms related to potential victims — including U.S. persons — accounted for the vast majority of the increase in U.S. person queries conducted by FBI over the prior year.” The exact number of U.S. residents who potentially had their information reviewed isn’t known because there’s no precise way to measure the data, according to the report. “Today’s report sheds light on the extent of these unconstitutional ‘backdoor searches,’ and underscores the urgency of the problem,” said senior staff attorney with the ACLU. “It’s past time for Congress to step in to protect Americans’ Fourth Amendment rights.”

Read more of this story at Slashdot.

Source: Slashdot – FBI Searched the Data of Millions of Americans Without Warrants

Haje Jan Kamps, writing for TechCrunch: A couple of weeks ago yet another of my friends was a victim of identity theft, and I got yet another deep look into how fantastically broken the U.S. can be when it comes to security. “They have my social security number,” she said, and I was reminded of how a lot of systems in the U.S. are woefully poorly designed. To wit: This morning I called my bank and was asked for the last four digits of my SSN and they somehow accepted my identity because I knew those four digits.

When I moved to the U.S. a couple of years ago, my friends made sure that I knew I had to keep my Social Security number (SSN) secret and hidden. When I started opening a bank account and set up a cell phone plan, it became obvious why: All sorts of institutions that really should know better are treating this string of numbers as a password. There’s a huge, glaring problem with that. I maintain that Equifax should receive the corporate equivalent of capital punishment for allowing this to happen, but 145 million social security numbers were stolen by hackers a few years ago, which means that the Social Security numbers — yes, the same numbers that are being treated as “passwords” — for about half the U.S. adult population are in the wind.

We’ve gotten used to passwords by now, but at least, in most cases, passwords can be changed when they are hacked. Your social security number? Not so much. If your SSN leaks just once, you’re boned. It’s not possible to change it, and that brings up the true depth of idiocy in all of this: Relying on security that depends on keeping an unchangeable piece of information secret is really bloody stupid. The corollary is this: Imagine that your email has been hacked but your email provider tells you that you can’t change your password, you can’t change your email provider, and you’ll just have to deal with it. That’s the situation we currently have with Social Security numbers.

Read more of this story at Slashdot.

Source: Slashdot – ‘Why the Heck Are SSNs Still Treated as Passwords in the US?’

An anonymous reader shares a report: C onstance Chioma calls her son every morning to check that he is safe while studying in northeast Nigeria, a region plagued by deadly attacks by Islamist insurgents and armed kidnappings. Earlier this month, she could not get through. She later realised her SIM card was one of about 73 million – more than a third of the 198 million in Nigeria – which have been barred from making outgoing calls because they have not been registered in the national digital identity database.

[…] Nigeria is among dozens of African countries including Ghana, Egypt and Kenya with SIM registration laws that authorities say are necessary for security purposes, but digital rights experts here say increase surveillance and hurts privacy. Nigeria has been rolling out 11-digit electronic national identity cards for almost a decade, which record an individual’s personal and biometric data, including fingerprints and photo. The National Identity Number (NIN) is required to open a bank account, apply for a driver’s license, vote, get health insurance, and file tax returns. In 2020, Nigeria’s telecommunications regulator said every active mobile phone number must be linked to the user’s NIN. It repeatedly extended the deadline until March 31 this year. The government said outgoing calls were being barred from April 4 here from any mobile phone numbers that had not complied.

Read more of this story at Slashdot.

Source: Slashdot – Nigeria Blocks 73 Million Mobile Phones in Security Clampdown