Archive for July 2, 2022

Senators Demand Answers On Data Collection And Sharing Policies From Two Mental Health App Providers

Posted in Commentary with tags on July 2, 2022 by itnerd

Earlier this week I wrote about the potential pitfalls of data that relates to abortions in the wake of the removal of reproductive rights in the U.S. Today I have another example of how sensitive data can be misused. The Verge is reporting that US Senators Ron Wyden (D-OR), Elizabeth Warren (D-MA), and Cory Booker (D-NJ) have written to two leading mental health app providers, Talkspace and BetterHelp, and are demanding answers about their data collection and sharing practices:

In letters to BetterHelp and Talkspace executives on Thursday, Warren — along with Sens. Cory Booker (D-NJ) and Ron Wyden (D-OR) — called on the mental health companies to explain how their apps collect and use data obtained from their patients. Specifically, lawmakers requested information on the apps’ relationships with online advertisers, data brokers, and social media platforms like Facebook as well as how those relationships are disclosed to users.

Reviewing the companies’ privacy policies, the senators wrote that “unfortunately, it appears possible that the policies used by your company and similar mental health platforms allow third-party Big Tech firms and data brokers, who have shown remarkably little interest in protecting vulnerable consumers and users, to access and use highly confidential personal and medical information.”

The letter follows a report published in May by the Mozilla Foundation, which warned consumers that online talk therapy apps could be profiting off of their mental health data. While both BetterHelp and Talkspace promise not to sell a user’s medical data without their consent, the researchers determined that personal information — like a patient’s name, phone number, and email — could still be sold or accessed by third parties for advertising and marketing purposes.

Well, that’s shady. But sadly not a new phenomena. And Dan Weiss who is the SVP Application & Network Security Services for GRIMM agrees:

This problem is neither new nor unique. Instead, it represents a challenge to both users and regulators. Technology’s trend to move more rapidly than regulation and to expand in ways that are difficult to predict is both well-known and a consistent story over time. This case highlights that consumers still operate under the mistaken bias that data (of any sort) that passes through a mobile device has any assumption of privacy. The truth is that ensuring “privacy” in this landscape is a nearly impossible challenge, one which most application developers implement imperfectly, if at all.
 
Coupled with the fact that user data is the primary product for many applications, the challenge of restricting unintended use cases is one that regulators have failed to address. Some platforms, such as Apple, have worked to provide a level of additional visibility and control to users (although a cynic might rightfully question the completeness and motivation for these changes). However, attempting to solve the problem through current regulatory strategies is essentially doomed to fail for the reasons alluded to above. Ultimately, it will fall to the consumer to understand how the application is using their data and fully understand that the conventional definition of privacy no longer applies to data that transits the vast majority of commercial mobile applications.

It will be interesting to see how these companies respond to these senators. But it will be even more interesting to see if they suddenly make changes to hopefully make the scrutiny on them go away.

Watch this space for more.

TikTok’s Owners Pledge To Make Changes To Avoid Being Banned…. I Say Ban Them And Be Done With It

Posted in Commentary on July 2, 2022 by itnerd

You might recall that the commissioner of the FCC called on Apple and Google to remove TikTok from their app stores because of the fact that it was discovered that the Chinese have access to US users data. Something that TikTok said wasn’t happening. Now that the company is facing being banned, they’re reacting:

Chinese-owned social media site TikTok told U.S. senators it was working on a final agreement with the Biden Administration that would “fully safeguard user data and U.S. national security interests,” according to a TikTok letter seen Friday by Reuters.

The letter dated Thursday came in response to questions raised in a June 27 letter by a few senators including Republicans Marsha Blackburn and Ted Cruz, TikTok said.

And:

Last month, TikTok said it had completed migrating U.S. users’ information to servers at Oracle but it was still using U.S. and Singapore data centers for backup.

TikTok’s letter acknowledged that China-based employees “can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team.”

TikTok said it expected “to delete U.S. users’ protected data from our own systems and fully pivot to Oracle cloud servers located in the U.S.”

Some in Congress were not impressed with this response:

Senator Blackburn, of Tennessee, said TikTok “should have come clean from the start but instead tried to shroud their work in secrecy.” She said TikTok needs to “come back and testify before Congress.”

They should make a return trip to Congress and testify under oath why they should be believed now when clearly they’ve been playing fast and loose with the truth. But there’s more:

“TikTok’s response confirms our fears about the CCP’s influence in the company were well founded,” Republican Senator Marsha Blackburn of Tennessee told Bloomberg on Friday. “The Chinese-run company should have come clean from the start, but it attempted to shroud its work in secrecy. Americans need to know if they are on TikTok, Communist China has their information.” 

Here’s my $0.02 worth on this. Ban them. Ban them now. And get other countries to ban them. This discussion about if TikTok is a national security threat has been going on for years. And if you’re having this much discussion about a topic, and stuff keeps coming out that says that whatever it is that you’re talking about is bad, you should probably ban it. Because keeping TikTok around really doesn’t do anyone any good.