Privacy Recap: April 2023
In our Privacy Recap series, we review the biggest privacy and online security news of the past month.
Here are the biggest online privacy stories for April 2023.
Tesla workers shared sensitive images from customer car cameras
In a special report, Reuters revealed that Tesla workers used an internal messaging system to share "highly invasive videos and images recorded by customers' car cameras." According to interviews conducted by Reuters with nine former employees, this had been going on between 2019 and 2022.
The electric car manufacturer collects vast amounts of data from its global fleet of vehicles. Car owners need to grant permission on the cars' touchscreens before the data, used to develop self-driving car technology, can be collected. However, even consenting users likely didn't expect to end up a meme to be shared among the company's employees.
Some of the recordings caught Tesla customers in embarrassing situations. One ex-employee described a video of a man approaching a vehicle completely naked.
Also shared: crashes and road-rage incidents. One crash video in 2021 showed a Tesla driving at high speed in a residential area hitting a child riding a bike, according to another ex-employee. The child flew in one direction, the bike in another. The video spread around a Tesla office in San Mateo, California, via private one-on-one chats, “like wildfire,” the ex-employee said.
While Tesla states in its Customer Privacy Notice that its camera recordings remain anonymous, former employees said that the location of recordings could be shown by the computer program they used at work - potentially revealing where a Tesla owner lived.
The employees that responded to Reuters had different opinions on the image sharing. Two said that customers had given consent, so they weren't bothered by it, while three said they were troubled by it. One didn't see anything wrong with sharing images, but found the function used by the company's internal software that allowed the location of recordings to be displayed on Google Maps to be a "massive invasion of privacy."
The takeaway? Keep in mind what you consent to. Not everybody has the same privacy and common courtesy standards as you.
End-to-end encrypted communication providers rally against the UK Online Safety Bill
In a joint statement published on 18 April 2023, messaging services including Signal, Threema, Viber, WhatsApp and others urge the UK government to rework the currently proposed Online Safety Bill, which, as they say, "poses an unprecedented threat to the privacy, safety, and security of" UK citizens and the people with whom they communicate around the world.
The bill is pitched as a way to regulate harmful and illegal content on the internet. For the last two years since its introduction to the UK parliament, the bill has been slowly worked and amended into an ever more comprehensive legislation.
As is often the case with these things, the veil of having children's best interests at heart is used to conceal real threats to user privacy. The bill seeks to implement a requirement for platforms to monitor user content, which effectively spells the end of end-to-end encryption in the context of messaging services.
This is because the only effective way such scanning could be done is client-side, so in essence images would be inspected before encryptions. There are serious security concerns related to this, and if you don't remember Apple's experiment with client-side scanning in iMessage from last year, we don't blame you - it was quite short-lived and quickly reverted.
But weakened encryption is not the only concern raised by the messaging service providers. Element founder Matthew Hodgson points out that the burden of content moderation would likely be too much for most small businesses and startups to bear, while bad actors would simply shift to alternate methods of encryption or apps based in other countries. This means that the bill's intended targets would evade while ordinary companies would be the ones that would end up dealing with the strict regulations.
Earlier last month, Signal's president Meredith Whittaker had already declared that the messaging service would withdraw from the UK if the bill was implemented as it stands today. By the end of April, Wikimedia also announced that they would not comply with the proposed requirement of age verification, which could be triggered by some content on the site under the terms of the bill.
Even if you're not based in the UK and don't feel concerned about the changes that could be brought on by the Online Safety Bill, you should still be paying attention. Governments are copycats and unfortunately, they don't just copy the good ideas. Stay vigilant.
Want to talk to us? Join us on the Koofr subreddit!