Day: 9 March 2021

Letters From Tesla’s Counsel to California DMV Show Greater Wariness of Self-Driving Capability Than Elon Musk’s Public Comments arstechnica.com

Timothy B. Lee, Ars Technica:

In a pair of letters last November and December, officials at the California DMV asked Tesla for details about the FSD beta program. Tesla requires drivers using the beta software to actively supervise it so they can quickly intervene if needed. The DMV wanted to know if Tesla planned to relax requirements for human supervision once the software was made available to the general public.

In its first response, sent in November, Tesla emphasized that the beta software had limited functionality. Tesla told state regulators that the software is “not capable of recognizing or responding” to “static objects and road debris, emergency vehicles, construction zones, large uncontrolled intersections with multiple incoming ways, occlusions, adverse weather, complicated or adversarial vehicles in the driving path, and unmapped roads.”

In a December follow-up, Tesla added that “we expect the functionality to remain largely unchanged in a future, full release to the customer fleet.” Tesla added that “we do not expect significant enhancements” that would “shift the responsibility for the entire dynamic driving task to the system.” The system “will continue to be an SAE Level 2, advanced driver-assistance feature.”

Apparently this is the year that we get fully autonomous transportation — assuming Tesla manages to resolve that enormous list of things not recognized by its “full self-driving” software. So this is not the year that we get fully autonomous transportation, and the name of Tesla’s “Autopilot” software is still writing cheques that it cannot cash. Some things never change.

Biden Administration Hires Tim Wu and Lina Khan politico.com

Today’s Politico Playbook, maniacal capitalization corrected by yours truly:

President Joe Biden has decided to nominate Lina Khan, a Columbia University legal scholar championed by anti-Big Tech activists, to the Federal Trade Commission.

Along with the recent hiring of Tim Wu as an economic adviser inside the White House — also first reported in Playbook — the addition of Khan signals that Biden is poised to pursue an aggressive regulatory agenda when it comes to Amazon, Google, Facebook and other tech giants.

Wu joined the National Economic Council and is known for arguing in favour of net neutrality and against the huge power of large tech companies. Khan is perhaps best known for her contributions to the House Antitrust Subcommittee and her blockbuster 2017 piece about Amazon in the Yale Law Journal. These are two of the most respected voices in technology policy and I am looking forward to the work they will do.

Surveillance and Facial Recognition Systems From Verkada Breached bloomberg.com

William Turton, Bloomberg:

A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.

[…]

Kottmann said their group was able to obtain “root” access on the cameras, meaning they could use the cameras to execute their own code. That access could, in some instances, allow them to pivot and obtain access to the broader corporate network of Verkada’s customers, or hijack the cameras and use them as a platform to launch future hacks. Obtaining this degree of access to the camera didn’t require any additional hacking, as it was a built-in feature, Kottmann said.

The hackers’ methods were unsophisticated: they gained access to Verkada through a “Super Admin” account, allowing them to peer into the cameras of all of its customers. Kottmann says they found a user name and password for an administrator account publicly exposed on the internet. After Bloomberg contacted Verkada, the hackers lost access to the video feeds and archives, Kottmann said.

Jason Koebler and Joseph Cox, Vice:

The spreadsheet, provided by one of the hackers to Motherboard, shows more than 24,000 unique entries in the “organization name” column. Verkada’s cameras are capable of identifying particular people across time by detecting their faces, and are also capable of filtering individuals by their gender, the color of their clothes, and other attributes.

[…]

From the spreadsheet itself, it is not clear which specific customers are deploying Verkada’s facial recognition capabilities. But those features appear to be basic functions of the camera, and not add-ons. Verkada’s website advertises that “all” of its cameras include “Smart Edge-Based Analytics,” referring to the cameras’ facial recognition, person identification, and vehicle analysis tools. It adds the cameras can detect “meaningful events,” which can mean unusual activity and “unusual motion” as determined by the camera’s AI. After detecting faces, a companion web app allows the camera’s administrator to search over time for footage that includes that specific person.

Access to the cameras and video archives of thousands of clients was granted by a username and password that was publicly available on the web, from which these activists were able to explore Verkada’s network. Just a staggering degree of incompetence. Apparently, some of Verkada’s clients are in Canada — including at least one government agency I can find — and I am sure our Privacy Commissioner will dig this.

T-Mobile to Automatically Enable Ad Targeting of Customers, Including Those of Sprint wsj.com

This piece from the New York Times editorial board just three days ago sets the tone for the main topic, I think:

Americans have become inured to the relentless collection of their personal information online. Imagine, for example, if getting your suit pressed at the dry cleaner’s automatically and permanently signed you up to have scores of inferences about you — measurements, gender, race, language, fabric preferences, credit card type — shared with retailers, cleaning product advertisers and hundreds of other dry cleaners, who themselves had arrangements to share that data with others. It might give you pause.

[…]

One straightforward solution is to let people opt in to data collection on apps and websites. Today, with few exceptions, loads of personal data are collected automatically by default unless consumers take action to opt out of the practice — which, in most cases, requires dropping the service entirely.

Drew FitzGerald, Wall Street Journal:

T-Mobile US Inc. will automatically enroll its phone subscribers in an advertising program informed by their online activity, testing businesses’ appetite for information that other companies have restricted.

[…]

AT&T Inc. automatically enrolls wireless subscribers in a basic ad program that pools them into groups based on inferred interests, such as sports or buying a car. An enhanced version of the program shares more-detailed personal information with partners from customers who opt into it.

Verizon Communications Inc. likewise pools subscriber data before sharing inferences about them with advertisers, with a more-detailed sharing program called Verizon Selects for users who enroll. Its separate Verizon Media division shares data gathered through its Yahoo and AOL brands.

Ask pretty much anyone about their modern-day privacy concerns and you will get an earful about Facebook and Google. That’s understandable — they run a two-sided economy of users and advertisers, and have little competition in many of their markets. But the ad tech ecosystem is so gigantic that it is insufficient to focus solely on those two companies.

I have been writing for years that the market for private data needs to be curbed or even eliminated. Now that personal information is available in unfathomable supply, has huge demand, and is an effectively unregulated market, everyone seems to want in on it. Scott Brinker tracks the companies involved in marketing technologies. In 2020, the sector with by far the greatest growth was in data.1 Even the example the Times editorial board used in that lede is pretty much identical to an agreement between Google and Mastercard.

Even as Facebook and Google have become bywords for creepy online behaviour and have begun to spin privacy narratives around isolationist changes, the anti-privacy business is booming. There are thousands of companies only too eager to buy and sell whatever data they can get their hands on and “enrich” it by matching identifiers in different data sets. I maintain that this entire industry is illegitimate but, at the very least, it needs regulation and clear user protections.

This is also a reminder that antitrust investigations solely focused on tech companies is woefully inadequate.

  1. Within the data category, Brinker recorded a 68% growth in “governance, compliance, and privacy” firms. However, that does not mean that the data category grew primarily because of a large increase in compliance companies, perhaps spurred by increased regulation. If you actually look at the infographic, that subcategory went from a handful to a much larger handful — but it is vastly overshadowed by the number of analytics, “customer intelligence”, and “data enhancement” companies. ↥︎