Suzanne Smalley

@suzannesmalley.bsky.social

636

Followers

198

Following

143

Posts

Reporter covering digital privacy, disinformation and cybersecurity policy for The Record. Mom. Pub trivia queen. Crossword enthusiast. Literary fiction connoisseur. Idiosyncratic. Signal: Suzanne.81 Email: [email protected].

Posts Replies Media

New research based on invus + surveys with 5,205 LGBTQ+ people in the Mid East + North Africa found police “weaponizing dating, messaging, + social media apps to persecute” them. Cops searched/tried to forcibly access devices of nearly all respondents they interviewed therecord.media/lgbtq-mena-r...

LGBTQ+ people in Middle East and North Africa subject to intense digital oppression, research findstherecord.media Authorities are “weaponizing dating, messaging, and social media apps to persecute” queer people in the region, researchers found.

AWS hosted Pegasus source code from 2018-2020, two years earlier + longer than has previously been reported, per new court filing. NSO: At “certain times” prior to Jan '21, AWS server was “being used by NSO’s research and development department" to house Pegasus code therecord.media/aws-leased-i...

WhatsApp: AWS leased infrastructure to NSO Group beginning in 2018therecord.media The manufacturer of the powerful zero-click Pegasus software allegedly rented space on Amazon Web Services (AWS) servers from December 2018 through at least October 2020, a longer and earlier time fra...

Patagonia sued bc vendor Talkdesk allegedly routes all customer, biz partner communications to its own servers in real time, transcribes + then “uses its AI models to analyze callers’ words to determine what the caller is talking about and how the caller is feeling.” therecord.media/patagonia-su...

Patagonia invaded privacy by using AI to analyze customer service interactions, lawsuit allegestherecord.media The plaintiffs of a suit filed in California say their communications with Patagonia were intercepted, recorded and analyzed by a third party without their permission.

2 new Indian victims of mercenary spyware attacks: (1) Daughter of state party president + (2) the leader of a progressive foundation. Victim Iltija Mufti on her Pegasus hack: India has "admittedly procured & weaponised [it] to harass critics & political opponents." therecord.media/apple-warns-...

Apple warns Indian iPhone users of possible ‘mercenary spyware’ attacktherecord.media The daughter of and media adviser to the president of an Indian state political party is one of the most recent targets in the country’s long history of spyware scandals, according to local reports.

FTC review of 642 websites, apps shows 76% use at least one dark pattern to dupe consumers into giving up privacy/ buy needless products. 67% of sites, apps used multiple “possible” dark patterns. Fortnite maker agreed to $245 million dark pattern FTC fine in March therecord.media/ftc-audit-fi...

FTC audit of websites and apps finds three-fourths use dark patterns to trick consumerstherecord.media The annual review by the Federal Trade Commission and international partners found widespread use of dark patterns among 642 sites and subscription-based mobile apps.

Health scam campaigns powered by AI, deepfake videos, celebrity audio saturating Meta platforms, reaching millions across 4 continents. Campaigns push bogus “miracle cures” + feature cloned celebs, pols, docs. 350,000+ people followed one fake page selling the scams therecord.media/scammers-har...

Scammers harness AI and deepfakes to sell bogus ‘miracle cures’ on Meta platformstherecord.media The sweeping campaigns on Facebook, Messenger and Instagram reach millions of people across four continents, according to the research.

A TX sheriff just told House Homeland 11 autonomous surveillance towers he manages are "beneficial b/c you don't have to have an agent sitting behind a desk...The tech does it for the agent until it has an activation and then assists in tracking." My related Oct story therecord.media/torre-centin...

A surveillance tower in Mexico becomes an unsettling landmark for privacy advocatestherecord.media When completed, the Torre Centinela in Ciudad Juárez, Mexico, will be a 20-story surveillance colossus serving state governments on both sides of the border. Activists and privacy advocates are warnin...

"GuardZoo" surveillance tech created by a pro-Houthi threat actor targeting militaries across the Middle East from 2019 thru today. Houthi rebels embroiled in longtime Yemeni civil war, causing famine, and are backed by Iran. Unsecured C2 server logs show 450 victims therecord.media/pro-houthi-h...

Spyware attributed to pro-Houthi hackers used against militaries across Middle Easttherecord.media A threat actor aligned with the Yemen-based Houthi group used malware known as GuardZoo to spy throughout the Middle East, according to researchers at Lookout.

Sen. Grassley excoriates CISA for Ivanti hack in letter, demanding agency provide documents on its details. CSAT, the agency’s unit housing sensitive chemical info was compromised, prompting a former official to call the incident a “tough pill to swallow.” therecord.media/senator-gras...

Senate leader demands answers from CISA on Ivanti-enabled hack of sensitive systemstherecord.media Sen. Charles Grassley (R-IA) on Wednesday sent Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly a stern letter seeking documentation and answers relating to a January hack...

Supreme Court to hear TX case requiring adults provide ID to access online porn. ACLU: 2023 law leaves online porn viewers open to "state monitoring" and "establishes no monitoring or reporting requirements for entities performing age verification" in age of hacks therecord.media/supreme-cour...

Supreme Court to take up Texas law requiring adults verify age to watch porntherecord.media The petition to overturn the law points out the inherent dangers of submitting proof of identification online in an era where data breaches and hacks are rampant.

Polish parliament strips opposition party member of legal immunity, opening a path to prosecute him for spending more than $6 million to buy Pegasus in a country rocked by the revelation that nearly 600 people were monitored by the powerful, often zero click spyware therecord.media/polish-parli...

Polish Parliament strips official of immunity, clearing path for prosecution in spyware scandaltherecord.media The Polish parliament on Friday voted to lift an opposition leader’s legal immunity in order to prosecute him for the part he allegedly played in buying powerful commercial spyware when he was a leade...

Facial recognition searches law enforcement conducted via Clearview AI doubled to 2 million over the past year, company said today. Number of images stored in its database of faces, used to compare biometrics, also surged, now at 50 billion, per CEO Hoan Ton-That. therecord.media/clearview-ai...

Law enforcement searches of Clearview AI facial recognition doubled in past yeartherecord.media Agencies nationwide searched Clearview AI's database 2 million times over the past year, CEO Hoan Ton-That said.

House Energy and Commerce cancels American Privacy Rights Act markup moments before hearing was too start. Privacy and civil rights advocates, incensed by changes in the bill removing data discrimination and algorithmic bias protections, had demanded it be postponed

Data broker under fire for selling driver behavior data to insurers is close to releasing lead generation product built off the same data, promising insurers “direct access to prospective customers who meet your target parameters based on near real-time driving data" therecord.media/lexisnexis-r...

Data broker prepares a new driver-related product as another continues to draw scrutinytherecord.media LexisNexis Risk Solutions, facing criticism for a driver-data product that helps insurance companies set rates, is launching another intended to help them find desirable customers.

Reposted by

Suzanne Smalley

An excellent deep dive into the recent @accessnow @citizenlab.ca joint investigation into Pegasus targeting of Russian and Belarusian civil society 👇

Read my story featuring victims of recent Pegasus infections targeting Belarusian/Russian speaking activist, journalist exiles. I also learned the 7 infections just reported by Access Now/The Citizen Lab are part of broader, ongoing probe into potential addtl victims. therecord.media/pegasus-spyw...

The inside view of spyware’s 'dirty interference,' from two recent Pegasus victimstherecord.media Andrei Sannikov and Evgeny Erlikh discuss the effects of discovering their devices had been infected with Pegasus — making them part of a rapidly expanding list of civil-society figures targeted with ...

Leading privacy advocate @nullset.bsky.social says new version of APRA stripping civil rights protections to ward off data discrimination + algorithmic bias "make it nearly impossible for civil society to support the bill." New draft also cuts other data protections therecord.media/ai-bias-remo...

With protections against AI bias removed, data privacy bill 'impossible for civil society to support'therecord.media The latest version of the American Privacy Rights Act (APRA) has several significant changes, including most notably the deletion of two sections of the bill covering civil rights protections and algo...

TX fed judge ruled Thurs that Biden admin’s efforts to rein in use of online trackers by hospitals, other health providers are illegal, a win for health care groups that want to track patients with Meta and Google pixels which can reveal diagnoses, other private info therecord.media/texas-judge-...

Texas judge upholds hospitals’ right to use online tracking technologytherecord.media The Department of Health and Human Services (HHS) went beyond its authority when it issued a policy to rein in online trackers by hospitals, the judge ruled.

Polish prosecutors have seized Pegasus spyware systems + are now studying them to “determine the functionality of the Pegasus software and the broad legality of its use,” a spokesperson for the National Prosecutor’s Office said Friday according to local news reports. therecord.media/poland-seizu...

Polish investigators seize Pegasus spyware systems as part of probe into alleged abusetherecord.media Poland's Central Anticorruption Bureau is the target of a probe into potential abuse of Pegasus spyware by the country's previous government.

FTC says recent probe of TikTok vis-a-vis COPPA and the FTC Act has led it to file complaint w/ DOJ. Agency says it "uncovered reason to believe named defendants are violating or are about to violate the law and that a proceeding is in the public interest.” therecord.media/ftc-files-co...

FTC files complaint against TikTok for alleged data privacy practicestherecord.media The agency referred the complaint to the Department of Justice after determining TikTok and its parent company ByteDance "are violating or are about to violate the law and that a proceeding is in the ...

VT's data privacy bill - incl unprecedented right for residents to sue cos violating a host of protections - is killed as legislature fails to overcome veto. Bill sponsor to The Record: “No dust is settling on this effort...we are already coordinating next steps.” therecord.media/vermont-land...

Vermont’s landmark privacy bill killed as legislature fails to override vetotherecord.media According to the bill's sponsor, Democratic Rep. Monique Priestley, the bill died because of a “massive lobbying campaign to deny Vermonters their right to strong privacy protections.”

NSO in new court docs: All high-ranking govt, military leaders legit Pegasus targets. Company also suggests opposition politicians can be legitimately surveilled with Pegasus, a claim that comes amid Polish scandal showing nearly 600 opposition pols, allies targeted therecord.media/government-m...

Government and military officials fair targets of Pegasus spyware, NSO Group arguestherecord.media The company's lawyers argued in a Friday court filing that it is appropriate to target officials with the technology because their jobs categorically make them “legitimate intelligence targets."

VT gov vetoes state data privacy law allowing citizens to sue cos. Bill sponsor: "Major props to the Big Tech lobbyists who pulled out all the stops for this one." Gov is "handing [state residents] over to you on a silver platter to pick apart and sell the pieces." therecord.media/vermont-gove...

Vermont governor rejects state’s tough data privacy billtherecord.media Gov. Phil Scott said the Vermont legislation has “unique expansive definitions and provisions create big and expensive new burdens and competitive disadvantages for the small and mid-sized businesses ...

Pegasus creator has launched an AI institute at a top Israeli university. Israel's president joined him at launch event + said "the reason countries do not boycott us is bc of our human capital, the high-tech + the financial connections that they do not want to lose.” therecord.media/shalev-hulio...

NSO Group co-founder launches AI institute at top Israeli universitytherecord.media Shalev Hulio and others are founding The Institute to promote Israel's “leadership in implementing artificial intelligence capabilities in the cyber, medical, finance and education industries.”

Reposted by

Suzanne Smalley

This admin is packed to the brim with cybersecurity experts and strategies - leaving me to wonder why researchers were left to shoulder the "Recall" debacle themselves. My thoughts for @cyberscoop.bsky.social 👇

Microsoft’s Recall puts the Biden administration’s cyber credibility on the linecyberscoop.com Why has the White House remained silent on the launch of a product that violates the spirit and letter of its flagship cybersecurity initiatives?

Indiana cop resigns after officials discover he used Clearview AI for personal reasons, searching large number of facial images in social media. The powerful technology allows law enforcement to upload a photo of a face, tap into billions of images stored by the co. therecord.media/indiana-cop-...

Indiana cop who used Clearview AI facial recognition tech for personal reasons resignstherecord.media The Evansville Police Department officer was discovered to have used the controversial tool to search social media accounts.

Inferences data brokers sell abt people are often wrong, leading to downstream effects like insurance hikes, difficulty obtaining credit. The chief privacy officer for data broker Acxiom told me in an interview that the company's inferences are just "informed guesses" therecord.media/junk-inferen...

'Junk inferences' by data brokers are a problem for consumers and the industry itselftherecord.media Data brokers sell inferences about consumers, essentially making predictions about their habits and tastes. A significant portion of the inferences are junk, experts say, and the problem can create se...

Verisk, 1 of 2 data brokers implicated in the GM scheme providing driver data to insurers, has shut down its product. LexisNexis Risk Solutions hasn’t but firm’s privacy chief says it is dedicated to “transparency.” He declined to say how many car cos it works with therecord.media/data-broker-...

Data broker shuts down product related to driver behavior patternstherecord.media Verisk recently disclosed that it has stopped accepting data from car makers and no longer sells it to insurers.

As markup for APRA nears, the tech + big biz lobby are pushing hard to get the federal comprehensive data privacy law changed so that it no longer preserves tough portions of CA's trailblazing privacy law (data breaches), IL's biometrics law + WA's health data law. therecord.media/apra-markup-...

As markup nears, knives come out for comprehensive data privacy legislationtherecord.media A coalition representing Fortune 500 companies wants the American Privacy Rights Act to override all existing state laws governing privacy.

Canadian and UK privacy authorities are teaming up to probe 23andMe's culpability for data breach allowing hackers to access genetic information of at least 5 million customers. People with Jewish and Chinese ancestry were particularly targeted in the breach therecord.media/23andme-data...

Privacy authorities in Canada and UK announce joint probe of 23andMe data breachtherecord.media Privacy Commissioner of Canada Philippe Dufresne and U.K. Information Commissioner John Edwards said their offices will jointly investigate in order to augment their individual efforts.