UK invests £55.5 million in facial recognition to combat retail crime

UK Prime Minister Rishi Sunak has announced a substantial investment of £55.5 million over four years in facial recognition technology, which aims to combat retail crime by identifying repeated shoplifters.

The initiative, part of a broader crackdown on theft, includes deploying bespoke mobile units equipped with live facial recognition capabilities across high streets nationwide. While controversial, its deployment has resulted in numerous arrests, primarily for offences ranging from theft to assault. However, concerns persist regarding privacy and false positives.

Despite criticism from privacy advocates like Big Brother Watch, Home Secretary James Cleverly emphasises the technology’s preventative nature, while the Metropolitan Police views it as a transformative tool in law enforcement. The Office of the Scottish Biometrics Commissioner noted that careful deployment is needed to maintain public confidence.

Why does it matter?

The development has emerged months after Scotland’s biometrics commissioner, Brian Plastow, raised concerns about the trajectory towards autocracy driven by inappropriate use of biometric surveillance in the UK. While supporting specific biometric surveillance applications, like live facial recognition, he critiques government overreach and highlights risks such as database misuse and privacy erosion. Plastow’s concerns are exemplified by incidents like the arrest of an eight-month-pregnant woman for failing to report community service. While Scotland may resist England’s path towards a vigilant state, the stance of Wales remains uncertain.

US lawmakers consider extending TikTok divestiture deadline

Lawmakers in the US Senate Commerce Committee are considering extending the deadline for TikTok’s parent company, ByteDance, to divest the popular short video app used by millions of Americans. The US House of Representatives previously voted overwhelmingly to give ByteDance approximately six months to sell TikTok’s US assets or face a ban. Senate Commerce Committee chair Maria Cantwell has expressed support for extending the deadline to one year, suggesting it could enhance the likelihood of a successful divestiture.

Discussions about the possibility of a one-year deadline extension come amid ongoing deliberations among congressional leaders. Cantwell indicated plans to strategise with Senate Democratic Leader Chuck Schumer and Senate Intelligence Committee chair Mark Warner. Despite the House’s decisive vote, Cantwell emphasised the Senate’s intent to refine the legislation for firmer legal grounding, considering previous unsuccessful attempts to ban TikTok under the Trump administration and at the state level.

Senate Republican leader Mitch McConnell has joined the call for divestiture, citing national security concerns and labelling TikTok as a significant strategic threat. However, TikTok has vigorously defended itself, asserting that a ban would infringe upon the First Amendment rights of its 170 million American users. While concerns persist regarding potential data sharing with China, TikTok maintains its commitment to safeguarding US data, having invested over $1.5 billion in data protection measures and storage infrastructure within the country.

Bipartisan legislation introduced in US to establish national data privacy rights

Federal lawmakers in the United States have proposed bipartisan legislation, the American Privacy Rights Act, to create clear and enforceable national data privacy rights for Americans.

Similar to the EU’s GDPR, the bill seeks to consolidate the country’s patchwork of state data privacy laws into a comprehensive framework, empowering individuals to take legal action against violators and curbing Big Tech’s exploitation of personal data without consent.

Key features include restrictions on data collection, enhanced consumer control over personal information, and safeguards against discriminatory algorithms. Individuals can refuse algorithmic decisions affecting housing, employment, healthcare, credit, education, and insurance.

If passed, this legislation will represent a significant step forward in bipartisan efforts to address data privacy concerns in the digital age.

Why does it matter?

Amidst the growing importance of personal data for AI companies and concerns over potential foreign access to Americans’ data, the proposed American Privacy Rights Act aims to establish stronger data protections than current state laws, such as California’s. If passed, the bill would mandate companies to disclose details regarding data storage in countries like China and Russia, addressing concerns related to platforms like TikTok. However, the legislation is expected to encounter obstacles in Congress, especially with limited legislative activity anticipated leading up to the 2024 election.

US Senate Republican Leader pushes Chinese divestment of TikTok

The US Senate Republican Leader Mitch McConnell is advocating for legislation that would compel TikTok’s parent company, China’s ByteDance, to divest the popular short video app, citing security threats to the US, which include calling TikTok ‘America’s greatest strategic rival.’

McConnell’s push comes amidst growing concerns about the potential influence of Beijing on TikTok’s operations, with the US House of Representatives recently voting in favour of a divestment requirement.

Senate leaders are now considering bipartisan measures to address the situation, while TikTok insists it has never shared American user data with China and has invested heavily in protecting and storing US data domestically.

Why does it matter?

TikTok’s future is sparking heated debate in Washington, with national security and First Amendment concerns taking centre stage. McConnell’s involvement may rekindle efforts to pass legislation that could ban the app. Notably, Senate Majority Leader Chuck Schumer also views TikTok legislation as a critical November pre-election priority.

Biden seeks TikTok divestment in conversation with Xi

During a recent phone call, President Joe Biden conveyed to Chinese President Xi Jinping the United States’ desire for TikTok to change ownership. This move comes as Congress deliberates on outlawing the app unless it severs ties with its Chinese proprietors. According to National Security Council spokesperson John Kirby, Biden emphasised that the concern is not about banning TikTok outright but divesting ownership to safeguard national and data security interests.

Western authorities have expressed apprehension regarding TikTok’s popularity among young users, alleging its susceptibility to Beijing’s influence and its potential for propaganda. These allegations have been refuted by both the company and Beijing. Despite such concerns, the US House of Representatives recently passed a bill with an overwhelming majority, mandating TikTok’s separation from its Chinese parent company ByteDance or facing a nationwide prohibition.

President Biden’s backing of this bill is noteworthy, even though his election campaign leveraged TikTok as a tool to engage with young voters. However, the bill’s fate in the Senate remains uncertain, with some senators expressing reservations about the US government’s intervention in civil liberties and corporate ownership matters. The debate underscores the delicate balance between national security concerns and the principles of free enterprise and individual rights in the digital age.

Microsoft ensures data privacy for AI tool users

Microsoft has outlined its commitment to safeguarding customer data privacy as businesses increasingly utilise generative AI tools such as Azure OpenAI Service and Copilot. In a blog post published on 28 March, the tech giant assured that customer organisations leveraging these services are protected under existing privacy policies and contractual agreements. Notably, Microsoft emphasised that organisations’ data is only utilised to train OpenAI models or foundational models if explicitly permitted by the users.

The tech giant clarified that customer data used in its generative AI solutions, including Azure OpenAI Service and Copilot, is not accessible for training open-source AI, addressing concerns raised by data privacy experts in the past. Furthermore, Microsoft affirmed that it does not share customer data with third parties like OpenAI without explicit permission, nor does it use it to train OpenAI’s foundational models. Any fine-tuned AI solutions resulting from organisations using their data will remain exclusive to them and not be shared externally.

The blog post highlights measures to protect organisations from copyright infringement lawsuits related to using Azure OpenAI and Microsoft Copilot services. Through the 2023 Customer Copyright Commitment plan, Microsoft pledged to defend customers and cover settlements in the event of copyright infringement lawsuits, provided customers utilise available guardrails and content filters within the products.

In addition to copyright protection, Microsoft is focused on safeguarding sensitive data associated with AI usage. Chief Privacy Officer Julie Brill detailed how Microsoft Purview enables corporate customers to identify risks linked to AI usage, including sensitive prompts. Azure OpenAI and Copilot users can employ sensitivity labels and classifications to protect their sensitive data, with Copilot summarising content only when authorised by users. This integration ensures that Copilot-generated output inherits sensitivity labels from reference files, maintaining data protection policies and preventing unauthorised access.

US Department of Justice reveals facial recognition policy details

Despite not making the full policy public, the US Department of Justice (DOJ) has revealed insights into its interim policy concerning facial recognition technology (FRT). The testimony submitted to the US Commission on Civil Rights highlights key aspects of the policy announced in December, emphasising its adherence to protecting First Amendment activities. The policy aims to prevent unlawful use of FRT, establish guidelines for compliant use, and address various aspects, including privacy protection, civil rights, and accuracy.

Ethical considerations are integral to the interim policy, with measures in place to prevent discriminatory use of facial recognition and ensure accountability for its deployment. However, complexities arise due to evolving AI regulations and the proliferation of biometric algorithms, leading to stipulations that FRT systems must comply with DOJ policies on AI and that FRT results alone cannot serve as sole proof of identity.

The testimony acknowledged civil rights concerns, recognising the potential for bias in algorithms and the misuse of FRT, including unlawful surveillance. Nonetheless, the DOJ emphasises the benefits of FRT in enhancing public safety, citing its role in identifying missing persons, combating human trafficking, and aiding in criminal investigations. According to the DOJ, the key lies in harnessing FRT’s potential while implementing effective safeguards to mitigate potential harm.

Why does it matter?

In a related development, the US government has recently published new guidelines that require all federal agencies to appoint senior leaders as chief AI officers to oversee the use of AI systems. According to the guidelines, agencies must establish AI governance boards to coordinate usage and submit annual reports detailing AI systems, associated risks, and mitigation strategies. As a result, the US Department of Justice appointed Jonathan Mayer, an assistant professor specialising in national security, consumer privacy, and criminal procedure at Princeton University, as its first chief AI officer.

Israel deploys facial recognition program in Gaza

Israel has deployed a sophisticated facial recognition program in the Gaza Strip, according to reports. The program, initiated after the 7 October attacks, employs technology from Google Photos and a proprietary tool from Corsight AI, an Israeli firm dedicated to creating industry-leading facial recognition technology to identify individuals linked to Hamas without their consent.

The facial recognition system, crafted in parallel with Israel’s military operations in Gaza, operates by collecting data from diverse sources, including social media platforms, surveillance footage, and inputs from Palestinian detainees. Israeli Unit 8200, the primary intelligence unit, played a pivotal role in identifying potential targets through these means.

Corsight’s technology, known for its claim to accurately identify individuals even with less than 50% of their face visible, was utilised to construct a facial recognition tool. Establishing checkpoints equipped with facial recognition cameras along critical routes used by Palestinians to escape southwards, the Israeli military aims to expand the database and pinpoint potential targets, compiling a ‘hit list’ of individuals associated with the 7 October attack.

Despite soldiers acknowledging Corsight’s technology’s limitations, particularly in grainy images or obscured faces, concerns persist over misidentifications. One such incident involved the mistaken apprehension of Palestinian poet Mosab Abu Toha, who faced interrogation and detention due to being flagged by the system.

South Korea launches investigation into Worldcoin’s personal data collection

South Korea’s Personal Information Protection Commission (PIPC) has launched an investigation into cryptocurrency project Worldcoin following numerous complaints about its collection of personal information. Of particular concern is the project’s use of iris scanning in exchange for cryptocurrency. The PIPC announced on Monday that it will examine company’s collection, processing, and potential overseas transfer of sensitive personal information, and will take action if any violations of local privacy rules are found.

It is worth noting that OpenAI, which co-founded Worldcoin, was fined last year by the privacy watchdog for leaking personal information of South Korean citizens through its ChatGPT application. This connection with OpenAI adds weight to the concerns surrounding the handling of personal data by Worldcoin.

Worldcoin is an identity-focused cryptocurrency project. Participants in the protocol receive WLD tokens in return for signing up. The project’s unconventional sign-up process has also raised concerns in other jurisdictions. As of now, company has not responded to the investigation or the accusations.

Avast ordered to pay $16.5 million for illegally selling user browsing data

The US Federal Trade Commission (FTC) has ordered a software company Avast, to pay $16.5 million and cease selling or licensing web browsing data for advertising purposes. The charges against Avast include allegations that the company collected and sold users’ browsing information without their consent, despite promising to protect their privacy.

Czech company based in the UK, collected the US consumers’ browsing information using browser extensions and antivirus software, according to the FTC complaint. The collected data included details about users’ web searches, visited webpages, religious beliefs, health concerns, political leanings, location, financial status, and visits to child-directed content. This information was stored indefinitely and sold to third parties without adequate notice or consent.

The FTC also argues that Avast deceived users by falsely claiming that its software would safeguard their privacy and block third-party tracking. Company failed to sufficiently inform consumers that it would sell their detailed, re-identifiable browsing data. The data was sold to over 100 third parties through Avast’s subsidiary, Jumpshot.

In addition to fine, Avast and its subsidiaries will be prohibited from misrepresenting their data usage practices. Under the proposed order, Avast is required to delete the browsing information transferred to Jumpshot and any products or algorithms derived from that data.

The company must also notify consumers whose browsing information was sold without consent about the FTC’s actions. Furthermore, they will be required to implement a comprehensive privacy program to address the misconduct highlighted by the FTC.