Category: dsdefender

If you’re reading this from anywhere but China, you probably don’t have a Sesame Score. But if you care at all about internet privacy and security, you should know what it is.

The Chinese government has created a social credit monitoring system to look over every member of its population. It’s called Zhima Credit and is popularly known as Sesame Credit or China’s Sesame Score. It was developed by Ant Financial, which is owned by Alibaba, the major online marketplace of China that competes with sites like eBay and Amazon.

Like a Loyalty Card

As the Washington Post put it, China’s Sesame Score operates like a loyalty card scheme that monitors and measures how trustworthy a person is, based on their credit history and online activities. It’s tracking to see if you are a good citizen or more of a trouble maker.

If you exhibit positive traits—always paying bills on time—while refraining from “untrustworthy” or even illegal actions, your score will be higher. If you spread lies on social media, try to avoid paying taxes or commit traffic violations, your score goes down.

Everyone gets an individualized score. People who have high scores are eligible for loans at more favorable rates than those with lower Sesame Scores. They also enjoy better access to car-sharing systems and are eligible for free healthcare checkups. Sound great. But there are downsides, too. The Washington Post cites reports of people with low credit scores being blacklisted and suddenly unable to purchase plane tickets.

Pros and Cons

Proponents of this system say it discourages bad citizenship and rewards good behavior. In China, 80 percent of citizens approve of the Sesame Score and other social credit efforts, according to the Post. Furthermore, 76% of Chinese people responding to a poll generally distrust Chinese society. They view a social credit system as useful for combating social ills ranging from con artists to polluters.

But from an outsider’s perspective, the Big Brother comparisons are obvious and the risks of abuse and repression glaring. China’s electronic surveillance directly affects tourists and foreigners who do business in the country. Forbes reports that “new cybersecurity laws give the Chinese government access to files, contracts, copyrights, business strategies and phone records with no permission asked” of foreign companies. China now requires businesses to gather and provide their internal information to a database to determine the “moral codes” of corporations that can lead in turn to punishment or reward.

Is this a harbinger of things to come in the United States? Powerful, largely anonymous corporations have already compiled profiles on internet users here. Those profiles can determine which ads you see and how long you wait on hold when calling customer service. Big Tech has been tracking all of us for years. In some ways, the Sesame Score isn’t all that foreign.

Reprinted with permission from privacyparent.com

In the effort to protect our online transactions, have we ceded too much power to too few? Is Sift, whose algorithms protect corporate behemoths from McDonald’s to Twitter, merely a free-market version of China’s intrusive Sesame Score? What is the cost of safety?

Online shopping may be pervasive, but it isn’t without risks. Credit card fraud, for example, is on the rise each year, eclipsing $30 billion annually, with the majority of the fraud impacting United States consumers. The COVID pandemic has only made things worse: April 2020 saw attempted fraudulent transactions increase by 35 percent.

One company is positioning itself as the answer: Sift, a technology security company founded in 2011. Sift’s stated goal is to eliminate fraud on the Internet by utilizing machine learning to combat illegal and suspicious activity. Sift claims that the average business partner sees an approximate 50 percent reduction in payment fraud.

One of Sift’s most prominent assertions is that good users shouldn’t have to be penalized for the work of criminals. In other words, everyday users shouldn’t be forced to authenticate themselves to an extreme degree. Sift claims it’s able to separate the good users from the bad users in virtually every circumstance due to their website activity. On paper, it’s a great thing, and indeed, it may help to keep the Internet a safer place.

However, there are some significant privacy concerns at play. If Sift is able to interpret user activity to determine if someone is a regular user or a hacker, how much data is Sift really tracking about Internet users? Where is that data being stored? What happens if that data gets released?

The questions don’t end there. Because Sift is so pervasive and works with so many large retailers, it’s privy to a lot of information. Sift’s machine learning makes ample use of this data, constantly creating and evolving user profiles on the back end. It’s not dissimilar to China’s Sesame Score, which is essentially an all-encompassing rating that combines credit scores with social factors. That rating can then be used to exclude individuals from certain parts of society. Sift’s intentions don’t seem nefarious. But who’s to say Sift can’t decide one day to deem certain user types as fraudulent and ban them from making online transactions? Is that too much power for one company?

So far, Sift’s work has helped businesses to save billions. But the potential for a data organization like Sift to amass too much power is real. A catastrophic data breach or a malfunction of Sift’s machine learning to go haywire would lead to chaos in the world of online transactions.

Reprinted with permission from: PrivacyParent.com

COPPA—the Children’s Online Privacy Protection Act—was supposed to help guard our kids’ privacy on the internet. More than two decades after its passage, the results are mixed. Yes, COPPA protects some kids, but it is too narrow in scope and needs to be updated.

Congress enacted the Children’s Online Privacy Protection Act (COPPA) in 1998 to give parents control over what kinds of information companies can gather about their kids and improve security. It’s designed to protect children who use the internet by requiring websites to post their online privacy policy along with a notice to parents to obtain consent before gathering data. Parents are also supposed to be able to access any information collected on their kids for review or to have it deleted.

COPPA applies to commercial websites and apps that are directed at kids aged 13 and under, leaving kids older than 13 unprotected. Personal information includes details such as the child’s first and last name, phone number, Social Security number and even geolocation data (your kid’s street and town). The court can levy penalties of up to $43,280 for each violation, according to Medium.

California Steps In

California has a tougher version, called the California Online Privacy Protection Act (CalOPPA). In the Golden State, CalOPPA applies to operators of online services, apps or commercial websites that collect information on individuals living in California. This means that the website itself does not need to be a business registered in the State of California, according to TermsFeed.

CalOPPA dictates that websites indicate what categories of personal information can be collected (such as email addresses and shipping addresses). Also to be listed are any third parties that might receive and process this information for the site. 

As an example of repercussions, CalOPPA led to the California Attorney General fining app providers by as much as $2,500 each time they failed to provide compliance plans for collecting personally identifiable information.

Strengthening COPPA

Efforts to improve and strengthen COPPA are ongoing, as evidenced by the FTC hosting a recent public workshop called “The Future of the COPPA Rule.” As for future updates to legislation like COPPA, the FTC is not required to take action this year, with the next mandatory review being scheduled in 2023.

One area parents should be concerned about is whether the FTC should grant exceptions for education technology and equipment such as Google Home and Alexa that interact using voice recognition, as noted by a report from the New York Times. This issue is going to persist as long as people continue to make inquiries by voice. It’s grows in popularity for ease of use, but it also results in more personal data to potentially be harvested.

Another concern: the age limit. For the most part, we mark the age of legal adulthood at 18. The fact that COPPA cuts off protection for kids over 13 is a serious mistake. Is your 14-year-old not a kid?

COPPA protects, but on its own is an inadequate shield. Parents who care about their children’s online safety and privacy must be vigilant and set ground rules for computer, tablet and phone usage. Meantime, call your legislators and tell them you want a stronger, tougher COPPA.

Published with permission from PrivacyParent.