Checklist 365: There’s a Camera in My Candy

University Vending Machine Scandal: Facial Recognition Gone Too Far?

A recent scandal at Canada’s University of Waterloo has sparked outrage among students after it was discovered that M&M-branded vending machines on campus were equipped with hidden facial recognition technology. The revelation came to light when a student posted an image on Reddit showing an error message indicating the presence of a facial recognition application within the vending machine’s system.

According to reports from Ars Technica via Wired, the vending machines, manufactured by Invenda, were capable of capturing and analyzing customer data without consent, including estimated ages and genders. This revelation ignited protests on campus, prompting the university to demand that the technology be disabled and the machines removed.

While both Invenda and Adaria Vending Services, the company responsible for placing the machines, claim that the technology is compliant with data protection regulations such as the GDPR, students remain skeptical. Adaria asserts that the technology only functions as a motion sensor and does not store images of customers, despite evidence suggesting otherwise.

Invenda, a Swiss company, recently secured a significant round of funding, highlighting its expansion into the U.S. market with major clients like Mars Wrigley and Coca-Cola. However, concerns over transparency and privacy persist, especially given the secretive implementation of facial recognition technology in university vending machines.

In response to the controversy, students are left with few options to safeguard their privacy, with suggestions ranging from boycotting the vending machines to bringing snacks from home. As the debate over privacy rights in public spaces continues, this incident serves as a stark reminder of the potential consequences of unchecked surveillance technology.

source: Wired

Apple Opposes Australian Government’s CSAM Detection Mandate

In a bold move, tech giant Apple has voiced strong opposition to proposed Australian regulations mandating the detection and removal of child sexual abuse material (CSAM) and terrorist content from cloud services. The company argues that such measures would compromise user privacy and security on a massive scale.

This stance marks a significant reversal for Apple, which previously faced backlash for its own plans to implement CSAM detection systems. The proposed Australian standards aim to detect and remove CSAM and terrorist material while ensuring the disruption of new harmful content. However, Apple warns that implementing such measures could lead to widespread surveillance and encroachments on user privacy.

The debate echoes past concerns raised when Apple initially proposed CSAM detection methods. Critics argued that such systems could be abused by authoritarian governments to target political dissenters. Despite assurances from Apple, fears persisted regarding the potential for misuse and expansion of surveillance capabilities.

Apple’s opposition to the Australian mandate highlights broader concerns about the balance between security measures and individual freedoms. The company urges clarity and consistency in regulations, particularly regarding end-to-end encryption and the vague language surrounding the feasibility of content detection.

While Australian policymakers acknowledge the technical complexities and feedback received on the proposed regulations, the path forward remains uncertain. With 50 submissions providing varied perspectives, policymakers face the challenge of incorporating feedback while ensuring clarity and effectiveness in addressing harmful online content.

As the debate unfolds, the implications of regulatory decisions on privacy, security, and freedom of expression remain at the forefront, prompting a critical examination of the balance between protecting users and preserving fundamental rights in the digital age.

sources: The Guardian, 9to5mac

Apple Bolsters iMessage Security with Post-Quantum Encryption

In a bold move to fortify user privacy and security, Apple announced plans to enhance the security layer of its iMessage platform with post-quantum cryptography. This development underscores Apple’s unwavering commitment to staying ahead of potential threats, including those posed by future quantum computers capable of breaking current encryption standards.

Scheduled to roll out with the upcoming iOS and iPadOS 17.4, macOS 14.4, and watchOS 10.4 updates, the new security measures aim to preemptively address concerns about the vulnerability of today’s encryption methods to quantum computing advancements. Apple’s PQ3 protocol, designed to safeguard end-to-end encrypted communications, will be implemented across all iMessage conversations, both new and existing, by refreshing session keys for prior exchanges.

While the efficacy of Apple’s post-quantum protocol cannot be directly measured due to the current unavailability of quantum computing power, the company’s proactive approach signals a forward-looking strategy to mitigate potential future threats.

Apple’s initiative reflects the tech industry’s recognition of the need to adapt encryption standards in anticipation of emerging technologies. As quantum computing continues to evolve, Apple’s commitment to enhancing iMessage security sets a precedent for proactive measures in safeguarding user data against future threats.

While the full impact of these security upgrades may not be immediately apparent, Apple’s proactive stance underscores the importance of staying ahead of technological advancements to ensure the continued protection of user privacy and security in an ever-evolving digital landscape.

source: Techcrunch